Analysis Overview
Threat Level: Known bad
The file https://download2264.mediafire.com/wz37pq9ajpigjN8GSaquW2qAwfMYu2R5lRCrj7NfsRyqjtgz9nTrgA0_xCzFEhOfdxQDzLL0ku23cp2nWy6wgZD9DOJ2QGjV5lK-rmhq0HdgfVyHOKr0Ti3QytnAW4anPF3Odu2s1LadWQJ70g27OB_YEm0d9m1NeAVF1tDf_CmzKNo/qqzn0ppo5v8fy0w/ROBLOX+EXECUTOR.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Loads dropped DLL
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-07-05 19:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-07-05 19:52
Reported: 2024-07-05 19:54
Platform: win10v2004-20240704-en
Max time kernel: 81s
Max time network: 82s
Command Line
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2264.mediafire.com/wz37pq9ajpigjN8GSaquW2qAwfMYu2R5lRCrj7NfsRyqjtgz9nTrgA0_xCzFEhOfdxQDzLL0ku23cp2nWy6wgZD9DOJ2QGjV5lK-rmhq0HdgfVyHOKr0Ti3QytnAW4anPF3Odu2s1LadWQJ70g27OB_YEm0d9m1NeAVF1tDf_CmzKNo/qqzn0ppo5v8fy0w/ROBLOX+EXECUTOR.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\" -spe -an -ai#7zMap4070:92:7zEvent17533
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5b6ff6669a863812dff3a9e76cb311e4 |
| SHA1 | 355f7587ad1759634a95ae191b48b8dbaa2f1631 |
| SHA256 | c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906 |
| SHA512 | d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e |
\??\pipe\LOCAL\crashpad_3568_SCIYIOECHKBLPVKJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fbc957a83b42f65c351e04ce810c1c11 |
| SHA1 | 78dcdf88beec5a9c112c145f239aefb1203d55ad |
| SHA256 | 7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128 |
| SHA512 | efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 86e191305bf65e65954dc43cffc331fa |
| SHA1 | de6899557eb3265635b139d5ec3d92ee8dc02471 |
| SHA256 | 7a9a27f5024edd742440f49c0d843cc35b0132ab20131c845d844bed2e1c91ed |
| SHA512 | 745b29496a5b64e6a576325229342a1cda708d9001153f728ae44b76e35f3b7d12fd932c890d58c6911332f3febb7550d01105eb653f7a1066335fc2d02b640a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
| MD5 | c03ff64e7985603de96e7f84ec7dd438 |
| SHA1 | dfc067c6cb07b81281561fdfe995aca09c18d0e9 |
| SHA256 | 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526 |
| SHA512 | bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\Downloads\ROBLOX EXECUTOR.zip
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
memory/732-501-0x00000000006A0000-0x0000000000748000-memory.dmp
memory/732-502-0x0000000005030000-0x0000000005036000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
memory/5260-509-0x0000000000400000-0x0000000000464000-memory.dmp
memory/5260-511-0x0000000005E00000-0x00000000063A4000-memory.dmp
memory/5260-512-0x00000000058F0000-0x0000000005982000-memory.dmp
memory/5260-513-0x0000000005990000-0x000000000599A000-memory.dmp
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
memory/5568-517-0x0000000000FE0000-0x0000000001086000-memory.dmp
memory/5568-518-0x0000000005770000-0x0000000005776000-memory.dmp
C:\Users\Admin\AppData\Roaming\d3d9.dll
memory/3212-528-0x0000000000760000-0x00000000007B6000-memory.dmp
memory/3212-531-0x0000000000760000-0x00000000007B6000-memory.dmp
memory/3212-526-0x0000000000760000-0x00000000007B6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\software.exe.log
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log
memory/1620-554-0x0000000000400000-0x0000000000456000-memory.dmp