Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/g0d6df68cz7migc/Roblox_cheat.zip/file was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Lumma Stealer
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-02-29 07:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-02-29 07:05
Reported
2024-02-29 07:09
Platform
win10v2004-20240226-en
Max time kernel
218s
Max time network
224s
Command Line
Signatures
Lumma Stealer
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1552 set thread context of 4576 | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 4668 set thread context of 2788 | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 2320 set thread context of 3860 | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
| PID 5588 set thread context of 5784 | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{81C8E751-F72E-428A-95C9-C45FEA9B859C} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/g0d6df68cz7migc/Roblox_cheat.zip/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4756 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4712 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4528 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5992 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6228 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5416 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=1320 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6700 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6552 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6968 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=7212 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=7044 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7084 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6112 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=8172 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=8320 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7108 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7452 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7148 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fff77ac2e98,0x7fff77ac2ea4,0x7fff77ac2eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2236 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2660 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3516 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Roblox cheat\" -spe -an -ai#7zMap2325:86:7zEvent22306
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4008 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4608 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4640 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2144 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5272 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5264 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5524 --field-trial-handle=2244,i,17105838980355961159,11835320340507917140,262144 --variations-seed-version /prefetch:1
C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Roblox cheat\settings\profile.settings
C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe"
C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe
"C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 88.221.135.81:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.16.56.101:443 | static.cloudflareinsights.com | tcp |
| IE | 74.125.193.138:443 | translate.google.com | tcp |
| BE | 13.225.20.11:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.19.214.37:443 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.75.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.56.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| GB | 92.123.128.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 172.64.192.4:443 | go.ezodn.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| IE | 209.85.203.95:443 | translate.googleapis.com | tcp |
| IE | 209.85.202.157:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 54.149.31.31:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| IE | 209.85.203.157:443 | stats.g.doubleclick.net | tcp |
| IE | 209.85.203.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| DE | 54.93.115.102:443 | tlx.3lift.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | prebid.media.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 34.120.63.153:443 | prebid.media.net | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| IE | 209.85.202.157:443 | securepubads.g.doubleclick.net | udp |
| DE | 18.194.246.148:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.246.148:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.246.148:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.246.148:443 | btlr.sharethrough.com | tcp |
| DE | 18.194.246.148:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| IE | 74.125.193.104:443 | www.google.com | udp |
| IE | 172.253.116.94:443 | www.google.co.uk | udp |
| IE | 209.85.202.95:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 138.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.20.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.214.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.69.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.89.181.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.192.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.31.149.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.115.93.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.63.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 95.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.246.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.193.125.74.in-addr.arpa | udp |
| IE | 34.246.36.174:443 | bcp.crwdcntrl.net | tcp |
| IE | 34.246.36.174:443 | bcp.crwdcntrl.net | tcp |
| BE | 13.225.239.9:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| IE | 74.125.193.101:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 52.211.99.1:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 174.36.246.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 1.99.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | contextual.media.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| GB | 92.123.240.21:443 | contextual.media.net | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| IE | 209.85.203.95:443 | chromewebstore.googleapis.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 96.16.109.9:443 | ads.pubmatic.com | tcp |
| GB | 92.123.240.21:443 | contextual.media.net | tcp |
| FR | 35.181.89.222:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.240.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.109.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 172.253.116.132:443 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 132.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2346.mediafire.com | udp |
| US | 8.8.8.8:53 | download2346.mediafire.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | download2346.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 199.91.155.87:443 | download2346.mediafire.com | tcp |
| US | 199.91.155.87:443 | download2346.mediafire.com | tcp |
| US | 104.19.214.37:443 | otnolatrnup.com | udp |
| IE | 209.85.203.95:443 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | 87.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| IE | 172.253.116.132:443 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 172.64.152.89:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| BE | 13.225.16.60:443 | cdn.prod.uidapi.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | dl-edge.smartscreen.microsoft.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 156.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.152.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.16.225.13.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| IE | 172.253.116.132:443 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| IE | 209.85.203.132:443 | cdn.ampproject.org | tcp |
| IE | 209.85.203.132:443 | cdn.ampproject.org | tcp |
| IE | 209.85.203.132:443 | cdn.ampproject.org | tcp |
| IE | 209.85.203.132:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | tcp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | tcp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | tcp |
| DE | 141.95.98.64:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 132.203.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 155.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.98.95.141.in-addr.arpa | udp |
| IE | 74.125.193.104:443 | www.google.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d69bbd04f75157676d2510cf5b4b926c.safeframe.googlesyndication.com | udp |
| IE | 74.125.193.104:443 | www.google.com | tcp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | udp |
| IE | 209.85.202.132:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 74.125.193.106:443 | www.google.com | udp |
| IE | 209.85.202.156:443 | securepubads.g.doubleclick.net | tcp |
| IE | 209.85.202.157:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| US | 8.8.8.8:53 | s0.2mdn.net | udp |
| IE | 74.125.193.157:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| IE | 209.85.202.156:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 172.253.116.95:443 | ajax.googleapis.com | tcp |
| IE | 209.85.202.148:443 | s0.2mdn.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | 106.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.116.253.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.202.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.217:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.238:443 | ag.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | 155.193.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 20.162.145.158:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 158.145.162.20.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| IE | 209.85.202.155:443 | securepubads.g.doubleclick.net | udp |
| NL | 178.250.1.25:443 | csm.nl3.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 8.8.8.8:53 | technologyenterdo.shop | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 8.8.8.8:53 | detectordiscusser.shop | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | 118.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 8.8.8.8:53 | turkeyunlikelyofw.shop | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 8.8.8.8:53 | associationokeo.shop | udp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | 253.76.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.10.21.104.in-addr.arpa | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| NL | 45.15.156.142:33597 | tcp | |
| US | 8.8.8.8:53 | 142.156.15.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
| NL | 45.15.156.142:33597 | tcp | |
| US | 8.8.8.8:53 | sideindexfollowragelrew.pw | udp |
| US | 104.21.80.118:443 | technologyenterdo.shop | tcp |
| US | 8.8.8.8:53 | lighterepisodeheighte.fun | udp |
| US | 8.8.8.8:53 | problemregardybuiwo.fun | udp |
| US | 104.21.60.92:443 | detectordiscusser.shop | tcp |
| US | 8.8.8.8:53 | edurestunningcrackyow.fun | udp |
| US | 8.8.8.8:53 | pooreveningfuseor.pw | udp |
| US | 104.21.76.253:443 | turkeyunlikelyofw.shop | tcp |
| US | 104.21.10.242:443 | associationokeo.shop | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7538b5adc650a4d3d8496eda00d7dfb9 |
| SHA1 | 1ef2750bafe5b6f4a04439ed9a0f047b9fef3703 |
| SHA256 | 2d719dc59f89162df773142cefaa76799a905096752038738c7031e283121ce7 |
| SHA512 | 0e5c0914d73a78ba64d40cdd601b44d73517ae3f40692e106f8104243ea70d8c735f7f7ca6b5c9e170cfa66fa0ca0b19153e80fefea8699b65ff162c60c7c88b |
\??\pipe\crashpad_5744_HOWVALEBBNMAMRPQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 23a0a67b9ae5ca1e6c97380d8648619a |
| SHA1 | 2fcb847e1d1e656578403b995ec0fd06ea30d04a |
| SHA256 | 9086737c1009d78d606a92f102b2bfdc8a77513f89e9954b4dbc57d2e042180d |
| SHA512 | 620cafa23267e23bbb2cb25024b04662d9c8420bfa3bb97ecefa7be5e0805638a882b4423bdb337036ccc4c20ec81395eef53c63acdc90eaaea7ff2c51e246f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d4f33b86e45f4ec3fa940ee2d4d66573 |
| SHA1 | eb1eeb3310f509e40eb3d50d4d02bb63bbf41a3f |
| SHA256 | 0ea797e2ae69ff2ff8b613f5ea3bfc7909302f0d186e4fd45a033893ab30d83c |
| SHA512 | c3040efc8402d4bef06d16da108a4d34af5ca2cb84fc57d8a0a2991c81c816c2a6e25de2f683c916dada41c3facbe10145e073e49d248354fdf6a8dc3a227de2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 11ac10e7b5b0e0b836a358d9b49f0b46 |
| SHA1 | 3eef763269dd5c8a6292f5c431238b18d36ad9e3 |
| SHA256 | df3e11df27b5b674f2c7ecce0a5552c03740e109ba3b228985c3cbe91fcf2659 |
| SHA512 | 6e574c39a55a7021e95a63c70af5d781a5d800fe275278313003b368a93887a1ccc445d794e63b621b5b84bf9fe1a4e066bb817497f6a8696f6646a4da7d5191 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a39317bdc839d8e30f4f21c430795dc2 |
| SHA1 | dbd4429080b7908ad66fb302bfa0ea65cdae8f31 |
| SHA256 | 3debc6526d02045af5587e55d838c31bca0162b8ad5c8a1a5bc3d32bf50facb8 |
| SHA512 | 02fc73d795960754b2aa46294d7e72179ca2d97c068df0f1bc3dff1bdaa5346e51ddb94d74d002b4d8027488f96d4808e4343da59fe9e0a34008ac3b682f5ba1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\Downloads\Roblox cheat\SoftWare.exe
| MD5 | 9fc39dbf000b5f3e86e13af3a9b77c76 |
| SHA1 | f8eada249c00a618a6ba4ab3d272fe776ca44d54 |
| SHA256 | 02d0b2caf285ab043358a2ae582e6bcb282de781cfb46b0130f1fef36f6e9a71 |
| SHA512 | ca2dc554f7cc0fd29dd5cd782c5d872cfd4573a1988c605eed36dd419ce2f327ca305ce7d347b132b83659814d19f0ec1f247e8c8b7ee34e30b86b7f3987f76f |
memory/1552-139-0x0000000075230000-0x00000000759E0000-memory.dmp
memory/1552-140-0x0000000000EC0000-0x0000000000F14000-memory.dmp
memory/4576-143-0x0000000000400000-0x0000000000448000-memory.dmp
memory/1552-147-0x0000000075230000-0x00000000759E0000-memory.dmp
memory/4576-148-0x0000000000400000-0x0000000000448000-memory.dmp
memory/1552-149-0x0000000003370000-0x0000000005370000-memory.dmp
memory/4576-150-0x0000000000D20000-0x0000000000D21000-memory.dmp
memory/4576-151-0x0000000000400000-0x0000000000448000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d83fe8783df191aa388f578ab31c8604 |
| SHA1 | f4cfe08fd6c4c0b9fce2cbe808a8ff4dbefbbaf0 |
| SHA256 | 0d772f3ce231cc77624132877c6bd0347769fd564050770a0a6cdbcf58de93e8 |
| SHA512 | c7d4d6e57969bbcb9af3c9cd2e40975d9d0035e9b39a55a845bbc721fd106f3c6fabda9fea6e63d21d00c67a6821f88096493e3eac1e2c895309cd82f78bb2cc |
C:\Users\Admin\Downloads\Roblox cheat\SoftWare update.exe
| MD5 | 96f38c4ec487f995985369153a71e2ee |
| SHA1 | 1ad2132023cd5db07caa3b7be4184f1ec7540e45 |
| SHA256 | 992bc4b4c46cb389636b08e39396144c41f6f6b3ae5bce8b690e46ef7c233367 |
| SHA512 | eaf2e2c61b259ce1e2db1ef5caa2af15459948fba72be2c91759f18c934f634bd889ddb504d9125ec1d3c6958145926464d5fd8611a3d1b2712f3e20814ae26e |
memory/4044-169-0x0000000000B40000-0x0000000000B90000-memory.dmp
memory/4044-173-0x0000000075230000-0x00000000759E0000-memory.dmp
memory/4044-174-0x0000000005D30000-0x00000000062D4000-memory.dmp
memory/4044-175-0x0000000005690000-0x0000000005722000-memory.dmp
memory/4044-176-0x0000000005950000-0x0000000005960000-memory.dmp
memory/4044-177-0x0000000005730000-0x000000000573A000-memory.dmp
memory/4044-178-0x0000000006900000-0x0000000006F18000-memory.dmp
memory/4044-179-0x0000000005A70000-0x0000000005B7A000-memory.dmp
memory/4044-180-0x0000000005900000-0x0000000005912000-memory.dmp
memory/4044-181-0x00000000059A0000-0x00000000059DC000-memory.dmp
memory/4044-182-0x00000000059E0000-0x0000000005A2C000-memory.dmp
memory/4044-192-0x0000000006350000-0x00000000063B6000-memory.dmp
memory/4044-193-0x0000000007170000-0x00000000071C0000-memory.dmp
memory/4044-194-0x0000000007690000-0x0000000007852000-memory.dmp
memory/4044-195-0x0000000007D90000-0x00000000082BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3ccae59957ef20444fa77dc5329b4a5f |
| SHA1 | fba449106c96a1921f57200a4c3beac0283f4507 |
| SHA256 | 024aca60528eb1f62303e6b69c8934a6ec59cb90af62b2fe85e342f6bcd5c148 |
| SHA512 | a9141d80d56312b136d8b61372d5589248599b7a00b2abd08c5e75610413fa0240dee24b4d5e17c41ed3fe596bbed096c50c3154a5d0087a28bab968e25af562 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
| MD5 | 66c8934a432cd78af68a16ca4070d5fa |
| SHA1 | 95b98f0e2eada2483af3528d7371b14a2556848c |
| SHA256 | 923675011fcd1da2156b15d9c1789bfad934ce822069cf237fa7ac1c9ffa71f3 |
| SHA512 | 6d15ab2eb5e51a48cd4352a7820c29e8e7ff3bbbee998fb753e11ed7b463d0b8c4937bab8129b5277bbf7e867ce99c46e834f53e7e14b0c2438a89bb689428e3 |
C:\Users\Admin\Downloads\Roblox cheat\settings\profile.settings
| MD5 | fca8f5239fc34cdec1b818187c45677e |
| SHA1 | 90928f3d1cca0586c1521e342deed9f0e66632c9 |
| SHA256 | a095c83dfcd9371e7aaee0561357199eaefd8b65111b694aa940d84ef42bd508 |
| SHA512 | ec212239d71e8c5623bb3acc97aea09831d7bc668c526504c046bb38d90988a3a0789d50cf0a11d9f415f4cbc9f5ca29e4be6dbc2bcb8d95c95b18e52b4cd9c3 |
memory/1552-199-0x0000000003370000-0x0000000005370000-memory.dmp
memory/4044-202-0x0000000075230000-0x00000000759E0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SoftWare.exe.log
| MD5 | 84cfdb4b995b1dbf543b26b86c863adc |
| SHA1 | d2f47764908bf30036cf8248b9ff5541e2711fa2 |
| SHA256 | d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b |
| SHA512 | 485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce |
memory/4668-207-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/4668-212-0x0000000003050000-0x0000000005050000-memory.dmp
memory/4668-214-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/2788-215-0x0000000001290000-0x0000000001291000-memory.dmp
memory/2788-216-0x0000000001290000-0x0000000001291000-memory.dmp
memory/2788-213-0x0000000001290000-0x0000000001291000-memory.dmp
memory/2788-217-0x0000000000400000-0x0000000000448000-memory.dmp
memory/1280-220-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-218-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-219-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-225-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-224-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-227-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-226-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-228-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-229-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/1280-230-0x00000256FD9E0000-0x00000256FD9E1000-memory.dmp
memory/2320-234-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/2320-240-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/2320-239-0x00000000031E0000-0x00000000051E0000-memory.dmp
memory/3860-241-0x0000000001140000-0x0000000001172000-memory.dmp
memory/3860-242-0x0000000001140000-0x0000000001172000-memory.dmp
memory/3860-244-0x0000000001140000-0x0000000001172000-memory.dmp
memory/3860-243-0x0000000001140000-0x0000000001172000-memory.dmp
memory/3860-245-0x0000000000400000-0x0000000000448000-memory.dmp
memory/3332-247-0x0000000000F70000-0x0000000000FC0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
| MD5 | f57bf6e78035d7f9150292a466c1a82d |
| SHA1 | 58cce014a5e6a6c6d08f77b1de4ce48e31bc4331 |
| SHA256 | 25a36c129865722052d07b37daa985a3e4b64def94120b6343fb5a96d9026415 |
| SHA512 | fa240d2d26370589457780269bae17a883538f535e6e462cc1f969306522526faacd314d29e78f71902b799046e4395c86c34007d2cfee5090e01cd72150675f |
memory/3332-252-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/3332-253-0x00000000058B0000-0x00000000058C0000-memory.dmp
memory/3332-254-0x0000000005D80000-0x0000000005DCC000-memory.dmp
memory/5588-256-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/5588-264-0x0000000003030000-0x0000000005030000-memory.dmp
memory/5588-263-0x00000000752D0000-0x0000000075A80000-memory.dmp
memory/5784-267-0x00000000008D0000-0x00000000008D1000-memory.dmp
memory/5784-266-0x00000000008D0000-0x00000000008D1000-memory.dmp
memory/5784-265-0x00000000008D0000-0x00000000008D1000-memory.dmp
memory/5784-268-0x0000000000400000-0x0000000000448000-memory.dmp
memory/2320-269-0x00000000031E0000-0x00000000051E0000-memory.dmp
memory/3332-271-0x00000000752D0000-0x0000000075A80000-memory.dmp