lumma | hxxp://mediafire[.]com/folder/a5rrxy5i7xgq7/ROBLOXHACK

Analysis

max time kernel
196s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mediafire.com/folder/a5rrxy5i7xgq7/ROBLOXHACK

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x0007000000023f23-1179.dat	net_reactor
behavioral1/memory/2656-1218-0x0000000000F00000-0x0000000000F62000-memory.dmp	net_reactor

Executes dropped EXE 3 IoCs

pid	Process
2656	Loader.exe
3016	Loader.exe
2288	Loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	mediafire.com
10	mediafire.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2656 set thread context of 2288	2656	Loader.exe	132

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3568	2656	WerFault.exe	127

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808394681938134"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe
1544	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4072	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3308	7zG.exe
4072	7zFM.exe
2012	7zG.exe
1092	7zG.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3172	OpenWith.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2532	3124	chrome.exe	83
PID 3124 wrote to memory of 2532	3124	chrome.exe	83
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 5072	3124	chrome.exe	84
PID 3124 wrote to memory of 4312	3124	chrome.exe	85
PID 3124 wrote to memory of 4312	3124	chrome.exe	85
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86
PID 3124 wrote to memory of 4880	3124	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mediafire.com/folder/a5rrxy5i7xgq7/ROBLOXHACK
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcdeadcc40,0x7ffcdeadcc4c,0x7ffcdeadcc58
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1584 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3060,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3644,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3028 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4016,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5296,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5016,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5476,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5508,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5872,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5916,i,18375164433240059538,4626303869189902570,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2228

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2316

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RОBLOX EXECUTOR\" -spe -an -ai#7zMap29779:92:7zEvent10014
1⤵
- Suspicious use of FindShellTrayWindow
PID:3308

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3172

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RОBLOX EXECUTOR.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4072

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RОBLOX EXECUTOR\" -spe -an -ai#7zMap11329:92:7zEvent14737
1⤵
- Suspicious use of FindShellTrayWindow
PID:2012

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RОBLOX EXECUTOR\" -spe -an -ai#7zMap11572:92:7zEvent11689
1⤵
- Suspicious use of FindShellTrayWindow
PID:1092

C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe
"C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2656
- C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe
  "C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe
  "C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 144
  2⤵
  - Program crash
  PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2656 -ip 2656
1⤵
PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9e930267525529064c3cccf82f7f630d

SHA1
9cdf349a8e5e2759aeeb73063a414730c40a5341

SHA256
1cf7df0f74ee0baaaaa32e44c197edec1ae04c2191e86bf52373f2a5a559f1ac

SHA512
dbc7db60f6d140f08058ba07249cc1d55127896b14663f6a4593f88829867063952d1f0e0dd47533e7e8532aa45e3acc90c117b8dd9497e11212ac1daa703055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\02a61ac7-0732-4a86-9c18-8b5974b15d60.tmp

Filesize
10KB

MD5
80e3b08ac8c38369b69342adb85a3962

SHA1
71d61d73b345175ed1e759a5f2b6051415466c9b

SHA256
be97c2bf70a9568fe8322d026347aada0fe259bed20dd7a4c00db4fbb939fde5

SHA512
525c64c61d0c84b0752375b8cfc677eccf04290f21cb9a1ceea682e2e925cbdab463575b99b1647568ba0054d878b6b655fe765bacc78ddf5bab59e7929febad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86c1ee8050ac4dc83fea84193b629c05

SHA1
38156e11586ae728e68ac706ea85be267d6c9e2e

SHA256
e205951b927dcc75438d6a7308c022ccc2aaf77b73896d812863ac954b80e72a

SHA512
07cc0f8de0c70890dbe343862ae79a70949fc8a451cffde7277e208f149654b90eec2d8d4363073693ed3e5401ff0ab604845f97114e9dda007e9be28cfd9958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a55aebf7b8660468d81bdd249d06c98

SHA1
fa9b35a74f1140f4c3cded11d9bac8354b57bcc2

SHA256
d723744cf8794a241e64e7d70c5b81fed494a42a49a542027c95a63a5d90e323

SHA512
486823eac5c55a95f9044ff03464563104bbe26332ffec60dd4699bc35c2f9b828040045ca22271ec1ed3dd04d82112163839a145ba0b9fe2cbef88ef601d72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8fc85374b7b75ad76f15e38c127fbfbd

SHA1
71553ce12554d9e5bfb387d8b860b15c32fa0382

SHA256
e8f1637432a8fcd1fc1196fd67c108e0ea02dd394f5a39e6f59a7116f274622b

SHA512
bca1bac8cfdc43e2d77c9e1da6ff51b46084d94991317bcb567c614bb893553febd0b84b0f665baa4fe80202bf8620025b282428b6858833ef2db3aa213f1378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7364a5dfea1b3127a1272a0d73b35ba9

SHA1
b5a6caab29dd387f893ccd8f40412b5222e0d863

SHA256
3b4bb028e8e35f72ceaffb0fb5445ced87dc82518f271b7d9be996854fe89066

SHA512
18eb9b15cf3154b874de29f46dd3170136b4f24f7eb0f444a1d2f669ba4f2edcb3791928757e60f00552691512d887011281122812e941a6c9df7f462d3a3fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
e9025ec1de160a8e6042d39d383fc37f

SHA1
0db11555c93e0761d2c82dae7aff824a7e15427c

SHA256
8ed98249ad1c9794192bf239755003df9a525e1f2ab3bad69dfae57478d82ecb

SHA512
4799876c7e55aa407b8bc94d0c0cb81460016f54021def4078a41f4c0ae92d3fd8c336c7ef9b77049d3626662b4e0c0af675cf721e789c44fcf8a3975788e8f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bc30da824ca4a3f4b4781cb57ddda331

SHA1
51be89966a4a8ae52d0aed4041fa7b8108cbcda4

SHA256
5ca0d31fe28ce30d6a6132dd2ef0b8778ed35a088afd2b83825fa31466ad5174

SHA512
98df8a83064b61fc344e2ecc0ba187c90ede323d70e9369e4a88f20cd608f5aa93d359bb0d96ddd52e646ab3d551a61793401ab24fad5c026331ef5bef21a0c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
99ab30fb1784cea4cd87986cbba5939a

SHA1
2fb5634da069f8e021b9560cfa00492173f55bac

SHA256
55ca20de20559d92f7d67f353c118cd0d460f85d51490435f47daa59ff9a8660

SHA512
df1bf8905c3be62fb4952e6ab305e390b3ddfde7ee8bd62745e0b979dbeb849a2a848e2ed02d9bf3db7f4638865ac4f8bad36dd9d3387390a4df170c2ecc4962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
c40e5e10b2df9b0bce160436c3024d05

SHA1
aebd402a63f5e70a18a71a714ec9f1fd99b1adec

SHA256
9430dd561d0e3a27bc14de3bd2611fca800a2195bd8da104ea6f4682eed9640b

SHA512
5c0a9749c9d8e5fd804e110b56675cb3db43e857d565334a8a02928bd8b057762cab534c5306c3fc4ebd7727796db85ff50c188ba92cce85b6982d17c03ddcfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
a4758879020b3fb2e262a07859cd45d2

SHA1
985a5a53266358110809de5cf57c5362f30c20fa

SHA256
d0f43bdee8623c4ca575f5045d163e39ff66673704d946960426231b8e6104ba

SHA512
85216414919183ef81554a423e4040d8768e3a5328b1227bd799ad53f886b28b3c72947b2f1f953ffe2ffda12f2ff46d0de685ef4d1f84f68b27ac6fe967e69b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f195e73196b5819058ed2cff4dd25eba

SHA1
4c28a6525e227c2bf7273214bf4c957f23a87090

SHA256
3be79253c8d1a004cad0e876cb9e3137fe15d16d9df161f59c77eaeb4f96d9ac

SHA512
28c525b9abe849e230f491890ab0be694cc41847bfdc20e2acb82df846b3ae5bacacf4946813dd28e519bcc15f2bcbdfa7b22c86e75b9e61df596871a13933ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a3ee20ad7cfed354f46220affdb8eeea

SHA1
541e00b1607454363a3d1401d0b152e4030ade30

SHA256
ae0469bf99f1be3ca832fcd477f72fbebf219e5d1419b2ebd3d318df3c7141ec

SHA512
1fde7d3db709abcbe70f89f7fa98e9926a937aafa63143062c72dd5bc78251e6576fc9394a40ff97d3d8addc35006d2b9a87a038aa2196a25c6babfecc859ad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5559eebd4d8019831ba894c5a538570e

SHA1
078b7944a1aa9f78fbe4e032aaed805e4ef803c1

SHA256
86ece63bb22bc5927512edb7e7a95dbdecdf2b061a49cd732215405983cc0bbd

SHA512
9be62d4fbef2f9bfe857bc611379c6c007f717653e896db30d0489997811b81fdb1f98d355db6a1b382404a343809aa0f1cd97d93515395aa3975df0f9a70cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfb82f9df93454069129083a27298474

SHA1
f1af117dc24d355d67d58bf84acfe26f4220c307

SHA256
4a339e87a6f6cacd1fb6964972d69caed0ad86d115a12a709e627f5acdf83a5e

SHA512
2391ca564c8579e0d27678ded0c83ecd81de4e9ed5df2b4bcdaf499ab43524538f33001e78815857840280e1b2db80a395d5ef1f2b8c538d5730194a62968d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
199b5474e91e947744b1f8fcd3268c9d

SHA1
bf4afd1219b51369bcd93a95a8412e397501f84f

SHA256
56ac8ab52578cbe494d9a7f47466125f23de4fe51a73046d23114922c6467802

SHA512
9cfb3ceb4b845185c8e8083a1772af3324cf966e27bab5158c73eef801d0aee486026f2a60d4badecdb93840a1726392c8dd171d3186f96f48069be25c4136d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fba408070fdcdcbaf40953eed1b746d

SHA1
168d80ba85e4bcd621b87d72a85046c025aa11f3

SHA256
01ea0406d9582a6c95055966175cfef124c925ac8aff1fcc3f3715bc75b2df7c

SHA512
2749d5384717581421a8107086521eb5f70ea9f8b17792d13ef317e47254070b8358579a78553642d91b38b9f121c1b790d43c4cfd1f6625b6ce172c55b0c4ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
942d5bb474991e2436883e1d48671a66

SHA1
c33711de734f26dbc8005b7ee9319416b00d6b39

SHA256
d0a5fb38f9dfa9fcf87d20aef1891076294053b3449719a5ebde833e47a25c1f

SHA512
8d4e3ec5d26b45ff2dfac39e37b45be39bcfb5f2982a7409a569045eaa90493f7bd5d63e532cd01d19516143d436039c526145a5e0c122d9548c54f043d16023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07f912b51ddfe2656d6f2293252ede19

SHA1
6c9725f176be6d2897d07d5e212a8e50e550dd73

SHA256
13622f639f05af25e7f60c7cfa9e5bed9fca970b9d40392966b0e96eebbc3ff6

SHA512
1787e8156013b7c65137ac76fd0c7fe7d877a252c8641b6169c1b8c46e6e029bc0553a9ed756926174fe5adcfae0ad3c9c3eac487882a4696dbe98812b11e09e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c989fe90f001f9cf83a6d766c139365

SHA1
f8dbaf8021aa809cac0c002983c2ac136b0c6951

SHA256
febea926ac2b46ffa3b218ee96403b9c8d00d5732ec32756e87f33ed7852b9c0

SHA512
363fff68654dc2138f7bf774b31b9720be631fd449d207ec861fa0ed01e220d57c3f3959943a4b53cfd73d39b2d26b6c8282da7db3dc396f3397c9e5f5ed8a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9d8d552d2026b5112fc7f4616222c10

SHA1
f9c10b3717c2d5b654dddbc335b5c88bf106cea1

SHA256
82aadada1741d33b91f330bc6f9ae39a17f908dd740593467e387f5ecfcf02b5

SHA512
764b86a8b21ea45dc7db12e95d8c2d47c2d159d1524388360466b5fde7c3ebf6a70b4073315048d252ed1718d0ab3c45dcf7bdcfd8a50eb0b81f50e53914779b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4a06d5a555c79e594742418f854b47c

SHA1
ca6d2ddfe0647a4ca114f35f90667a88611efcc5

SHA256
fb31652b08b678085547ff1eac7f2a3896fca10adc6042d76a41f227257a4152

SHA512
f3dd1da04cf44dab8935db82c59c826deea76986c207b5bfedd33b63fe7e5e240f4e867e4f54e1047a03f5b45735e148bebd9dfb3682d1f9572fa47ad0bfe58f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8d051a1cb1e7f48633d1a888c02241e9

SHA1
64045442b4a30ce0cd7fba3da2ec1e04bb1a7fa7

SHA256
fbf34a000d333c761d7a6478ca38b8205868335e99ee9cd02e63727f9df6e5c2

SHA512
b9b79f6371436ebb466b2935eccae32fdc3bb34cd96cc88377574c4d151ae31dade9d1bacb2bb562957e99e3cb19126e79ca460a51d33f24d1421c2477c56b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ecb594654536b555984edb3dac203f88

SHA1
a5e6196662c3459a87f0daae3e630ae803bd50b2

SHA256
edee17cbe6f338c5daaf03ed8fdee77312c8d2f504865ea21b98957cd03499f0

SHA512
57ada088398dac3728757a80f3cf75418c1cf0af89772b6f1974b8f239e31402819eed0562ef03cf2867d59da4b979370e56a136f4afc3adad52e6db7fd562c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d6a7f81ab4920789761cd70d7b56214

SHA1
b686a97d6055caf821a63d92ef5e1de46f579208

SHA256
39ebe22f0f277e10103d90e2f62fdd5d48d80013e4724ffa542480b761f8774a

SHA512
726ace18d73f3437bf3c67e74ffe4daeace18243a87961136efa6516878a71fc2dda9643872321525e2e5391b669925d16b5316dc2e4bf1324ff9988c5228c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
15133af37612f61e680269b9cdc6c778

SHA1
bfbc9d834b7d8102f2199a2353230c93eee7a58f

SHA256
ab058da77d189fb4851b3e3295a0bf0d1edddc7fd80f9db7da3131affd3c35d8

SHA512
7958103d0a9e71eeeb7f235aa283b02ce35dc6d476b863b597574da2f6f38404941952fab7acc1a89ef5241e501a52dc5ebb1d24267b416f4d00f5d19d3db575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b02db34a76fdd9709328a7204e48db12

SHA1
f820f32f2b4004867bdec5f9a67fbe799c4887d4

SHA256
bf2ba310c45d22322cf6a379176363a1a68b0a9d9ab297c51b68264594d46dcb

SHA512
ea993ecde65936a9f1bb8156a04744d041b5c43f647dd96fc4d0b67c404c143215070e7510114cb880f2144576127f22e386ef8cb51c2277969e848a440fcb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
925521e016ad05e6d62db98be88af6bd

SHA1
34821599c855a6bb28a310e7bf03b7e5267513b7

SHA256
911fbee7018113550a0679c1188dabdde6069e1ccfc0c660cf0c9a30bb4a3c09

SHA512
db95d23ad1d28cc24e724ef3dd9583f458ffa07440534288a21d71bd7f66d83cd7142a7f87c84c085cbd1b39e67e0685b0597ba1e11689baf2b9453fa5a6632f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
83df46852b8f554aa915da3421451bc1

SHA1
ece23ce61c46ebb1ef9347f0871d60a63e70d982

SHA256
4fbe465ce3e1ba181c797f00799e2837b4552684b54d976b4102607392a64cbb

SHA512
b7c3bc9693faed1ca20f0fdbab216563d0d620a6276d46469a15d1498f64db0ede5bbfdbcc9ef5cde2d83549c388e1c2c37abecbffa224471b375eb5f9f73633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
26524a5b681dc2f11a715a53f9d984b5

SHA1
7da4b3c376b3d7b27f315eafecc336f4208e1bfe

SHA256
e7b58916ab49dd9643425a5141cfd67b00c7200ad172b6fc2063af7399cb2610

SHA512
bf5f891a2a9303f6c596003bc73de60727795ad1f708c0fa241a7a8b148dfe984784df661c8c7a737e6b8f71377acab15718eb53effbc461cd816df9bb05dbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ad6cc36443f2e365a6e71b43a837e645

SHA1
fd465f749c0e581daf02a4b93d9ecc542fd7b594

SHA256
7d7a9d287f7dbc65cb5fdae63c9a54649d52e083ef4f9e1270c68ba9fe49d437

SHA512
69e9754cbe2a7feda3ecd777ecfa1a34e7c9d15529e4237bc6b2b8912a632e4a2f9729a2fe4058748632d5e609a2b942a14e85224f16b8a9e1edb1785f84830b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e86a35221d7d9acf772da8f2461aa811

SHA1
1013da8a3d99b68db3724be588df182801ead871

SHA256
e7633647d6934115d23061767245b097bc6f97fe28741ffeb65ab6fe7f672071

SHA512
d3d7f6389a080e916c856d0ddd859496c9e1ec7ec2dbce275edc34f7452ba9189b3ab7996ec82d4bd079a0615b9c7b91cc95a50e5bcd7e891cdb5e8140d9eebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c03ae6e08d3c3df5ce26ce5d0295ad51

SHA1
6819fe81f76125f6ae5765c6931aa9542d70047d

SHA256
0cebffe9a10f88951db1050df8c8b96039aec53e89a9ca2ccf426487b4bc3308

SHA512
aececb23d73beaa004951614de8d1b00eacf6cb4a45027f9d6c1a2e5ff976eec3c39d649f381d879cc505b981e9587e99ed3d0a0503816a577cd299b0a389eee

Download Submit
C:\Users\Admin\Downloads\RОBLOX EXECUTOR.rar

Filesize
12.0MB

MD5
b64f673b4c9c54f58fe1fb46b827865e

SHA1
192369ae3e5d8435d8c911ab3ea3b74ab1f39eac

SHA256
1c7da567db19bd6c8ab656d36c6d540ebbb7903293c82e8c1a35c0d6c3fd69c3

SHA512
eb82305ff95ea762ca63be7ec738526c2e009370b815ab1d0c9a3fadc2fae1c686c5d84c46c1301a289e49bd568f8a42d611b13fa95dfa5be660bf135de566ab

Download Submit
C:\Users\Admin\Downloads\RОBLOX EXECUTOR\ROBLOX EXECUTOR\Loader.exe

Filesize
361KB

MD5
323f730dc9358dddab93ee462f4b5e84

SHA1
0f5b8dd4dbaf1170f33dd9bfe6123c560d7c718f

SHA256
4b51d952281dc7895fbb58b2425cedea842d4a1da71165ac2a8376e24db85ba6

SHA512
324ccd7871e305388441708d8e3d08bed24e70fbfa21f90833b298c4ba6fc50d8e8021cc49e2014ab4bf7a7b04faad97e3de2fecc4b8d01950589ed0b2e536ca

Download Submit
memory/2288-1222-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2288-1224-0x0000000000400000-0x000000000045C000-memory.dmp

Filesize
368KB

Download
memory/2656-1218-0x0000000000F00000-0x0000000000F62000-memory.dmp

Filesize
392KB

Download
memory/2656-1219-0x0000000005E70000-0x0000000006414000-memory.dmp

Filesize
5.6MB

Download