Malware Analysis Report

2024-11-30 05:01

Sample ID 240229-cr2rzabd35
Target https://www.mediafire.com/file/wl9moebaudqauqv/ROBLOX_Cheat.zip/file
Tags
lumma redline discovery infostealer spyware stealer
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/file/wl9moebaudqauqv/ROBLOX_Cheat.zip/file was found to be: Known bad.

Malicious Activity Summary

lumma redline discovery infostealer spyware stealer

Lumma Stealer

RedLine payload

RedLine

Executes dropped EXE

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-29 02:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-29 02:19

Reported

2024-02-29 02:23

Platform

win10v2004-20240226-en

Max time kernel

189s

Max time network

203s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/wl9moebaudqauqv/ROBLOX_Cheat.zip/file

Signatures

Lumma Stealer

stealer lumma

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe N/A
N/A N/A C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare(2).exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5228 set thread context of 5160 N/A C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare(2).exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare(2).exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1132 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1132 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1132 wrote to memory of 2092 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1132 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/wl9moebaudqauqv/ROBLOX_Cheat.zip/file

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9dc3546f8,0x7ff9dc354708,0x7ff9dc354718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5564276866385568268,16693974027244964516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5172 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX Cheat\" -ad -an -ai#7zMap19909:86:7zEvent27531

C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe

"C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare(2).exe

"C:\Users\Admin\Downloads\ROBLOX Cheat\SoftWare(2).exe"

Network


Files
