lumma | hxxps://www[.]mediafire[.]com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR

Analysis

max time kernel
218s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR

Score

10^/10

lumma redline infostealer spyware stealer

Malware Config

Extracted

Family

redline

185.196.9.26:6302

Extracted

Family

lumma

https://pepperdignitytaciw.shop/api

https://publicitycharetew.shop/api

https://computerexcudesp.shop/api

https://leafcalfconflcitw.shop/api

https://injurypiggyoewirog.shop/api

https://bargainnygroandjwk.shop/api

https://disappointcredisotw.shop/api

https://doughtdrillyksow.shop/api

https://facilitycoursedw.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
RedLine payload 1 IoCs

Processes:

resource yara_rule

behavioral1/memory/3976-984-0x0000000000400000-0x0000000000450000-memory.dmp family_redline
Executes dropped EXE 8 IoCs

Processes:

software.exeopen if it doesn't open 1.exesoftware.exesoftware.exesoftware.exeopen if it doesn't open 1.exesoftware.exesoftware.exe

pid process

2984 software.exe
628 open if it doesn't open 1.exe
4068 software.exe
208 software.exe
2116 software.exe
5600 open if it doesn't open 1.exe
3704 software.exe
5360 software.exe
Loads dropped DLL 6 IoCs

Processes:

software.exesoftware.exesoftware.exesoftware.exesoftware.exesoftware.exe

pid process

2984 software.exe
4068 software.exe
208 software.exe
2116 software.exe
3704 software.exe
5360 software.exe
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

resource	yara_rule
behavioral1/memory/3976-984-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

pid	process
2984	software.exe
628	open if it doesn't open 1.exe
4068	software.exe
208	software.exe
2116	software.exe
5600	open if it doesn't open 1.exe
3704	software.exe
5360	software.exe

pid	process
2984	software.exe
4068	software.exe
208	software.exe
2116	software.exe
3704	software.exe
5360	software.exe

Suspicious use of SetThreadContext 8 IoCs

Processes:

software.exeopen if it doesn't open 1.exesoftware.exesoftware.exesoftware.exeopen if it doesn't open 1.exesoftware.exesoftware.exe

description	pid	process	target process
PID 2984 set thread context of 3976	2984	software.exe	AppLaunch.exe
PID 628 set thread context of 1224	628	open if it doesn't open 1.exe	RegAsm.exe
PID 4068 set thread context of 4928	4068	software.exe	AppLaunch.exe
PID 208 set thread context of 3448	208	software.exe	AppLaunch.exe
PID 2116 set thread context of 1008	2116	software.exe	AppLaunch.exe
PID 5600 set thread context of 2928	5600	open if it doesn't open 1.exe	RegAsm.exe
PID 3704 set thread context of 776	3704	software.exe	AppLaunch.exe
PID 5360 set thread context of 4544	5360	software.exe	AppLaunch.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4100 628 WerFault.exe open if it doesn't open 1.exe
4224 5600 WerFault.exe open if it doesn't open 1.exe

pid	pid_target	process	target process
4100	628	WerFault.exe	open if it doesn't open 1.exe
4224	5600	WerFault.exe	open if it doesn't open 1.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exeAppLaunch.exe

pid	process
2740	msedge.exe
2740	msedge.exe
976	msedge.exe
976	msedge.exe
4268	identity_helper.exe
4268	identity_helper.exe
5416	msedge.exe
5416	msedge.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3976	AppLaunch.exe
3976	AppLaunch.exe
3364	taskmgr.exe
3976	AppLaunch.exe
3976	AppLaunch.exe
3364	taskmgr.exe
3976	AppLaunch.exe
3976	AppLaunch.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

msedge.exe

pid	process
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

7zG.exetaskmgr.exeAppLaunch.exeAppLaunch.exeAppLaunch.exeAppLaunch.exeAppLaunch.exeAppLaunch.exe

description	pid	process
Token: SeRestorePrivilege	3148	7zG.exe
Token: 35	3148	7zG.exe
Token: SeSecurityPrivilege	3148	7zG.exe
Token: SeSecurityPrivilege	3148	7zG.exe
Token: SeDebugPrivilege	3364	taskmgr.exe
Token: SeSystemProfilePrivilege	3364	taskmgr.exe
Token: SeCreateGlobalPrivilege	3364	taskmgr.exe
Token: SeDebugPrivilege	3976	AppLaunch.exe
Token: SeDebugPrivilege	4928	AppLaunch.exe
Token: SeDebugPrivilege	3448	AppLaunch.exe
Token: SeDebugPrivilege	1008	AppLaunch.exe
Token: SeDebugPrivilege	776	AppLaunch.exe
Token: SeDebugPrivilege	4544	AppLaunch.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
976	msedge.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe
3364	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 976 wrote to memory of 5068	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 5068	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 3352	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2740	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2740	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe
PID 976 wrote to memory of 2884	976	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/3wn6d92zh2xhh/ROBLOXEXECUTOR
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2c0f46f8,0x7ffb2c0f4708,0x7ffb2c0f4718
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
2⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
2⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
2⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
2⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7320 /prefetch:8
2⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
2⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7800 /prefetch:8
2⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
2⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
2⤵
PID:4472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
2⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
2⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
2⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
2⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
2⤵
PID:2984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
2⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,17607255199901536535,8566933127886927229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
2⤵
PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4988

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\" -spe -an -ai#7zMap5438:92:7zEvent15222
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3148

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:2984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3976

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:628

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 152
2⤵
- Program crash
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 628 -ip 628
1⤵
PID:2624

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3364

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:4068

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4928

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3448

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:2116

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1008

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:2520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 284
2⤵
- Program crash
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5600 -ip 5600
1⤵
PID:5280

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
"C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:5360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:4544

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\software.exe.log
Filesize
226B

MD5
916851e072fbabc4796d8916c5131092

SHA1
d48a602229a690c512d5fdaf4c8d77547a88e7a2

SHA256
7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

SHA512
07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
31KB

MD5
4988d8738421543a1c790fee85ddcbea

SHA1
7e0c88386319be09dadbbfab5b20c233a34e949f

SHA256
f90db5870b60640b31f7892b8c8a3174936f9ea9261e237df12d4c48ecc907d9

SHA512
d7e4f2eaf21d7588742f61fcae1c0d249df1c61fa2d7f9534a6d9be4491a0cd404e6aa840c535f3c4edb5aabeb3faf010e05767335acd1d87d0c2b9d92173ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
Filesize
34KB

MD5
035a7210103ae3b8987f0575b902ca51

SHA1
9216ffd167dfba8f8494e8ac4936c944d1d3bbdc

SHA256
7687fdb527722a6f887b17d7ce5fe9229450b05413676038db6ef835822d7609

SHA512
abda2b2fd95a0948a2ebbfe6df24703f41822c910666b35b97cd055670037f732c8b88ecd01739b0247c6d6f2d71b62e47047237b716c28ad9a97dc6ebf2dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
Filesize
20KB

MD5
d780d1f5d07973ffe9c6dc331c8f44c9

SHA1
8f6e441426e7c5364cc08591afbd82a36541d4e8

SHA256
3dde10fcfc9b83692ac0199c45262a2a4e199f53e42ec78462564ed4999f2a66

SHA512
c303afdfd7c4919819335a64aa95714b952b3f254f1d4400cef40d7df97572bad83fe7e7cb7cbc19297ce594c539f97d3ffaabe04f83adafa27ddd567b2a7432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
Filesize
63KB

MD5
82f9699668804cbeb6ea7060a645ece3

SHA1
bb994c7a50f1fff3f1bc6d693cd5d631dd00567f

SHA256
67ae1ed6e78991a1488107359f4257c474dc6daab3b61a4e11a0b53ec1938932

SHA512
709f3cd099ad931b71c4b1143090d9c5896348e2856ac55698da24e7e2c0eda9be88bb62d189addfe56199c692a9f42e4e7a5cf74fd5e378884abe78edf1be5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
Filesize
62KB

MD5
42d9fcc7172456834d9e05605cfb999f

SHA1
d1df0982a953011482b7cc5e97803a5fae290ba7

SHA256
5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575

SHA512
5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
Filesize
31KB

MD5
60140bc834da90837a9a4d1530484677

SHA1
d99868b0693b332681b4db7927f3f11b3ed37607

SHA256
29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e

SHA512
448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
349d82ee406663c8e622b32263135c91

SHA1
ded538f21939e08dfbe2b968a52f4281f6798f36

SHA256
dd1a07199758d11c40781c7465ae77c6c054155042d678e7cae91a87c63936c5

SHA512
2eeb721c1cfdfdf49d70a7b7e70fa34d6d8dcabe6f4429b1d6d1b5766c2b0529a54e9faf2dcff85399167a28df4430b8c418bb5c7f09f36ec3fb7c9ce49bab8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9b05739614fcd79f66259345286a5d23

SHA1
7ad28018b99b6ecca8c5a3226f0b0a9eaf5af6aa

SHA256
ca8d69e9e5ad2cd5d615f24c91af45e2825139a1cddb58654ee4f48fca4ca552

SHA512
df9b7d390ae41f3167f7f1608a012e4ee5e608c3781036aa04cbcf2bbc226483493df50e171909d3bb6931f8450c9790ee37abf679a4247b9ef23b3d5587e959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
40KB

MD5
dc82e07b8652169d3c8eb47f9ce73230

SHA1
73111eae77d6ab84f6ca9f7f6ad973e835c26ff5

SHA256
059328211ba6a1dd737faf37398d56997334278567193ab326615fd99c4e6eb4

SHA512
30b0b0597a2f16fb61e4ccf56aca610d500e6527f6c2e2a5312d212e32930aa9bc08778e5cc5381c1d7f707c23613ff69f096f783ee547563af8071e7147cc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
5789ea3d73c9d2f1d804596e96bfa2a9

SHA1
ebf07004f7481b4fdd4b9d66b85ae8e49c091888

SHA256
afdfccd821862827fda919dd44b44df453e883ee4187b6555a8ca49427c97624

SHA512
99bbc6ecf2e4e48c801afedb6f7212dae24fe0f45169424b1697f13f3538b8f2342a58851d127e50f08dd07ba4354c2c0690d430296d3c83832fd2a8b1f98152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
a363a08b960e4ba44250c02fcc2486b8

SHA1
1a1e7607c7189d078f4f4f620e386e458db17296

SHA256
edc72b58594153367f8ba38e8c8ab6ad64bab6f623057f717f4251a657bce204

SHA512
c027dbd4b07e40a635dbfdec97e671618d849df3b0d49c88eadde86a6e112e959ce326edf7a96f9b5edbe4ec24f8ac31ec8dfff142501daa7d87364afd4f22ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
984718f67c238aa46349e0be803342b0

SHA1
8b787c02265d0150fc9fd38be12206e988acfcf3

SHA256
b2ba2bea7b65e6413952554c96518c7608d3b52196dd767b72575dc42d673a71

SHA512
25f3a713b9847b4e7ce5096af81b9993513e5bee1b4d6a4e38ff84cd81bea801cc9509b49098417d95d3684948497975a17449b106378dadea8725a8774506f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bcccab0113228fc425bf0222f4404972

SHA1
e3c8e3f239311d3cd123bd8f09d7c768292541ba

SHA256
af7fed0cc476578c219f7c7c6e7c57b8ab58b7c0b61c74b05dfe927439bcddd3

SHA512
19cd51993373ae125e7b970fd8a8a91f7fbfebf5803567f6e741d6cd518484e941b3bf0c5d49ebcd0b1aea61b828f87c2b403ef8997b450869a5a1afd8211a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
48962d36a8768d9122dc1f83edbcf04f

SHA1
2cabd5190302a908cfd27fe2d02e1d638a68e36e

SHA256
f323d8ddd425ff9ec458e2c89cd8f8300c6e2023a8e95cb32d45fbc0171babee

SHA512
edf3385039768adc2f9fe84843748823496566bf6ca9b4c544cc6a2f7979324dadd077dbc3fb5747ee4c525db4bdfb87cd75c27a6c2c8e9e88f0d402daa784a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
9caff68a1b1c5eb6ae37bfa01c17012d

SHA1
0d1dd7fb31ed4d459859a9d688be39d9f9278545

SHA256
f501a5400e749ee82d77718eb0710968273678f6fab47ab3d88f2a1f69898f51

SHA512
de69552ff5760de60499618fa370d65b3bf2115fb66f11b78593597287324a56c35685796faa09abec9cf89193cc92d66fee9a48b5b90c6a9e34fcc4a028203d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
d6b6883adf6082fc507e6fcca3bfe842

SHA1
c05338558ffb21362168db36a79426434c3e5697

SHA256
fba0a1104b2f911f91587dfc268acf981a4f02f754edf94ac5a7568c39446266

SHA512
69e2255c39eb4cb2592662e46f5f2a18fcc0a563e0c7bd05eab0e9d90ba3ddb32adcece587694b802c0cf0296af769e93135d0f0c9c52e05b8b08c8642a6f70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
851bc6874083597c88f87969bbc34952

SHA1
2941da1ed81d42b0fbef667faca5e83461124ef7

SHA256
ec04b7fdb5dea69c65ce3a71920945c27e241b0a6303efbb5540dd83c2ca4676

SHA512
512381c8db6dfdeb7073baa3353e12cac10b59a6f4eecc2db41018b6ef5b15c7a69d6abdde52adb5adebf2a22215ebd521d15424cb68328556f197a4fa20ddd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
3bf18c03c72c9ac6865df56008fa9d03

SHA1
1c9763b84f6980bd4e9571ad08ebe8628fb3eca4

SHA256
693408dc484197376f6e4d9deba567c5dd18e0cc4f4161d38f457d10ce22c1ed

SHA512
afb1b7289aa0b830dffb5d6121e4f2727117bbdfe3bc07f8208378f7b1205611655af3184aca2cf12f47b4a2654668d7922ca6300710c19b3cff97106ef968b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
98265fbb41102c89173a8e68a32c03a3

SHA1
ecd60d9b4f2d3d4934a4a481d46bc2640b57edd0

SHA256
0b117f0462799340687d1f57390f87ae956c42345cf17d7198fad3e3b713bde4

SHA512
b9d78102028033c2461d29afa1c5df9015f6dc44b1f9b94210425fda0d9fd86db2b0687df65d0ba25c1dbd1aef16b2efd0901f9cb50ec28944ed5f71312f3752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
e248d314de843b8eee3b1b2851b095b4

SHA1
1362ba584d783938699d5628f56bac8d5cc79dc4

SHA256
0a86f3667508aa3d109f8f24e93c1ee7283c90557fd57d7cfeae4e16d3af0cf9

SHA512
b2dd0a8ac60dea240395e711d6fead5ae9335408964b0f5fb5d1a04dbe78f544904856d18e36181ce1f0623d142954a90666312cb0ba3c38a85ecd65ecab6e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57948f.TMP
Filesize
1KB

MD5
1da69bc5fc061689b4dbd0e788fde40f

SHA1
7f820ef602bc2e1d27c3c5f162ac8e6b3c24a710

SHA256
f8bc28a81ea87f6c42f44614f0bc4b0446b4c97e14645805715d52b7d8e5ff66

SHA512
6669c2dd2df11cef432bc9841b9ee5d920a2b2cb2e97efb41546ce33b58c40c23a1d8d7ff993665d16b67e2981b2c59ad69f3b077bc231c0ab038365cfe8e2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f5d78cf1dd818a8c7abf68660c895be8

SHA1
ee3a16cb552429b57986b24fa6f84856fdc4fad7

SHA256
565ba98ed6e20415d7f0497737469d5d355253de960beec423437381d2ec0c3a

SHA512
b4d7f9691cffcbbbcb7179f7e6fe3cec94e13fc1a09098fb69da65fcec2eb223d7939d37918b9648cb8c3286659c779df947d0cf3166725f41ef0b1d16a8c93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d37106a1e49d2c015f8ab870d8a1cd63

SHA1
1c3968d1b8c5003f188a72676f868ec36d5aa0ff

SHA256
cc5600a388b63102694665dccee16ff2712b85591a95c976541db4a6aea286c6

SHA512
e243617d9f25e4470e465a1591d7d8eeb5d92820846642553de082c6e9224b76cefb870b9fa9f8d10dcf6894707423acbf52bc862bbc924ae795528ffae892b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a4fe73f9-3915-403e-b96f-a5cbd531b533.tmp
Filesize
12KB

MD5
70c1d19847f553e4e4f7e08a78115a3c

SHA1
ad4e3892eed1da2243d5757ae4c3ca87bb6056a7

SHA256
b3f99010ad5d6ad13ff2b1b9d424cf4f55b883a2996f453493fd37ec0474c751

SHA512
e8c86c1259c9a2797aba48615889351c9266ce2edc07c4be069a53463dd43bf07b3f859247dd82641fb49a0269f71c056446304e84dd1b6f441d05f17b9d14af

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll
Filesize
404KB

MD5
daee91e21e93a87f9cd8ba2e31505e09

SHA1
39ae85d87b2586b3aeafed5f5e355eee80e46af0

SHA256
925ba253a4482b220047bf5bd4502bd800ab1a5dd85204e4744d3d688d125c48

SHA512
f25d9f1f5ac2140271813a98cfc16f95dbb1babc90c926d9fe147c0e4e3af187f292ce959eb273c75e3c62d5b90d7390856abe5b988f5c85f6a08f990ba4b15c

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR.zip
Filesize
21.1MB

MD5
1cd3992293a8f7057d47817f8b5ced59

SHA1
e61ea011b804ecb6692316d808762c9ffff663a4

SHA256
5cc27d64ae40c4700cf249374647cd8115df68cf71e354c76ce42469e1ea8534

SHA512
06478bdb180aa520fb317b56d2105a191c350ffe2a0fbad554eea1c351be8315173c828974274ec7de5ab0c31b5c0c6a1812bd63fbb965b21994b90ac20fd961

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5Network.dll
Filesize
1.3MB

MD5
c24c89879410889df656e3a961c59bcc

SHA1
25a9e4e545e86b0a5fe14ee0147746667892fabd

SHA256
739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e

SHA512
0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5Positioning.dll
Filesize
319KB

MD5
fb45f544d61c6a0a66e7ad3f5c0508b1

SHA1
50331a21dd2db624a559fa7ec5d3a0d93b8944ae

SHA256
e42297b688986f0e6dba17ae82a5d78cba1139bc03a0c30fbb6a6ef6c7f557ca

SHA512
3419f317f34f29996e8e139fe1725c9568bb262ab895a110be925b324fa3703e9a61a29e19b0b18e36cce31008353b9a9f80064b90aac7c16b05f544749e243a

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5PrintSupport.dll
Filesize
312KB

MD5
dbf79abfb2fe2490fddfcc5b142326b9

SHA1
8955c5169f62b643a53920607c1392c049d180c2

SHA256
a4869f741088c67a0b449edad15658a9cf1edd8b693e4b23b6172952b6a7f9bf

SHA512
424ff210400a77876fdc6eb87ca245bb475151ebf2656a5e36ee77fe27ff4cbb5f30cd608a0cdf5113fffcaa00398de2e758a1721e7154585a230e53981b6051

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5Qml.dll
Filesize
3.6MB

MD5
27e0d9b1fd02d19a8745459bd729926f

SHA1
fee35bd148db2a9eb410f3c8f5c9a216be0d6d18

SHA256
53e8fecd7d4b1b74064eba9bfa6a361d52929f440954931b4ba65615148bf0ea

SHA512
aef0caeff970629a6cce00766139a407ac8e7c1179e5dbac1e01e252725f25a6fa771a7bb0cdcb894394b1ee7cff323511fb1eb64901d0c959fe2203d132ecc6

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5QmlModels.dll
Filesize
430KB

MD5
51addd243d4acbf6e2704b207dfe40b2

SHA1
acbc43b8480c1d8884d1b096d66a2ed678318b06

SHA256
1ac4753056179b358132c55ca3086d550849ae30259ba94f334826c2fbf6c57e

SHA512
c8aec4b704ee70bef16c71b1aded727e3a289831c4cc8f3cb276813e3f2ea1d96f3ff8529dee5ead46eb889206b4a3b4d2e468827fa833831ac69f43cc797064

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5QmlWorkerScript.dll
Filesize
53KB

MD5
b1355f6f2e317a7c47c7179c1d48f407

SHA1
db7fab191779a9fcc90710da7ece693d55e6feff

SHA256
5c3150972603c07290cf8dcfa7e6d850abb6a1d15f3f1c42d8bdac8623f1a148

SHA512
c0a22ef0abd17c29199960ffd1c2de65a007bd2616f988451dfe88f48ee4a15e0fe3cb4360d3783f8d2c5acd6026f130cb22e0837fdd04ef5f433d3d7a0b6951

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5Quick.dll
Filesize
4.1MB

MD5
1318935680b9b9771e1e4c80fa97fbd4

SHA1
e3c8efc59866b68f6e28c163fbaebd24e3dd24d2

SHA256
553451008520a5f0110d84192cba40208fb001c27454f946e85e6fb2e6553292

SHA512
678e4678fcdaf09f8d5ad5f869941f511ba5440ab7cac8e0693f20e16bca09095ccc49325fff2ba0db56df6e4c751a273aec13ccb49e703909efc6ca96f6ab6e

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\Qt5QuickControls2.dll
Filesize
167KB

MD5
60217140ebbd4fe3d430d09505928d45

SHA1
df65388f808c5f6f24e4d320ff7a03db1d1df5ad

SHA256
dd30ade18125471c8700ba01cfb54e85570c0f365e969717bc0ba6ee8199e242

SHA512
8e2ae344145531f03db3a7d916d6e6e85edf7c34778c97f9361455fc12ec013f828a9634abb7f293e548dd9be5c45e9d637d7ecfc10624138476c7eaec532b87

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\ffmpeg.dll
Filesize
2.6MB

MD5
2fc7f6b0abd1af4988e30e58e8310291

SHA1
9d553d0ca4f13bf2ce07d850344cb1ca70bea0a6

SHA256
b08a720802c6dc662247e52658499ce9f87211e0d88343fb0326a1ce9abc5e8b

SHA512
cdcad781dae26a565fe07dec861c5f47a0861e308a275da529aadc9f4dd03778b40ba8b9e8b7cc3042b7d543cef6ec38f8e79761a7d6c5fe639872ed23d799c2

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\icudtl.dat
Filesize
9.7MB

MD5
224ba45e00bbbb237b34f0facbb550bf

SHA1
1b0f81da88149d9c610a8edf55f8f12a87ca67de

SHA256
8dee674ccd2387c14f01b746779c104e383d57b36c2bdc8e419c470a3d5ffadc

SHA512
c04d271288dd2eff89d91e31829586706eba95ffbab0b75c2d202a4037e66a4e2205e8a37ecf15116302c51239b1826064ed4670a3346439470b260aba0ea784

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\libEGL.dll
Filesize
431KB

MD5
1ed91477a02e0e2a64e5e9f26bcea438

SHA1
8058c2bd3342d8d882768188b1e5c45567a8dde9

SHA256
a1267343e2ff9f9603627c0520e6cdd8e4a67fba041146e8def6a43e334a4e03

SHA512
c80ace4df62ccde9699cafaffae290cb9ab83dc5db5fed6483aadea0f6389eaab8cc44f8cfde43aa980307a6f357d51c406fa267293135def1eee5378d0960a5

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\libGLESv2.dll
Filesize
7.5MB

MD5
640a515fcd8e5d5a332c1d40c47700b0

SHA1
0128c9d499deb7866f3d7aae0adab69d9a8f768f

SHA256
927c858deb4700d3759fab436d5ba554ff4cf7be505d536ea1c673707d5ca8a1

SHA512
792acebb5ba329e61bc319b415ba01248dcf18c7e46695222682dbf59d179403ced15c19ae03a282dec7e622121c05844d8eae5a04a2aa1f552ebced51644e27

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\open if it doesn't open 1.exe
Filesize
509KB

MD5
843deed0a45fb730c6eede70baddbd15

SHA1
6788f983ee3fe9b0e87384d6cfaf69806a5dea17

SHA256
bc007942839cb636c7cc198ff549637dd7689ee2a87803fd72777421d3e98f05

SHA512
85fecd98c50be96f9ec29ce10a2286ba39a36a702d95d66b4dbbe59f107d0de698a9513f43148e0889434df839aae757c955ea39ff75e33e70a6905d92506318

Download Submit
C:\Users\Admin\Downloads\ROBLOX EXECUTOR\software.exe
Filesize
1.3MB

MD5
0d0b54212190a4974dc27c44dc86f06e

SHA1
4d4d21c61afb82d96c443b74f66c73423a5816ee

SHA256
9ca76694a9e4f496b6b90ca5da754e80f54ecf8f1d27765adf5a06b17aaebdce

SHA512
552adc0961f1890f34af51e7e4ca0f1367beb11941d092018717f305481ab062b8e98c9d6aab60f29513afb0201b5890be65b19141a020c0598f4c88d03f3f99

Download Submit
\??\pipe\LOCAL\crashpad_976_WEOTBWKSJOXZQIRV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1224-997-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1224-996-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/2984-977-0x00000000007F0000-0x000000000094A000-memory.dmp

Filesize
1.4MB

Download
memory/3364-1010-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1007-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1005-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1008-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1009-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1011-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1006-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-999-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1001-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3364-1000-0x0000028FAC580000-0x0000028FAC581000-memory.dmp

Filesize
4KB

Download
memory/3976-991-0x0000000005280000-0x0000000005292000-memory.dmp

Filesize
72KB

Download
memory/3976-998-0x0000000005B90000-0x0000000005BF6000-memory.dmp

Filesize
408KB

Download
memory/3976-989-0x00000000060D0000-0x00000000066E8000-memory.dmp

Filesize
6.1MB

Download
memory/3976-987-0x0000000004FF0000-0x0000000005082000-memory.dmp

Filesize
584KB

Download
memory/3976-990-0x0000000005350000-0x000000000545A000-memory.dmp

Filesize
1.0MB

Download
memory/3976-993-0x0000000005460000-0x00000000054AC000-memory.dmp

Filesize
304KB

Download
memory/3976-988-0x00000000051A0000-0x00000000051AA000-memory.dmp

Filesize
40KB

Download
memory/3976-992-0x00000000052E0000-0x000000000531C000-memory.dmp

Filesize
240KB

Download
memory/3976-1014-0x0000000007140000-0x0000000007190000-memory.dmp

Filesize
320KB

Download
memory/3976-1013-0x0000000007670000-0x0000000007B9C000-memory.dmp

Filesize
5.2MB

Download
memory/3976-1012-0x0000000006F70000-0x0000000007132000-memory.dmp

Filesize
1.8MB

Download
memory/3976-986-0x0000000005500000-0x0000000005AA4000-memory.dmp

Filesize
5.6MB

Download
memory/3976-984-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4928-1027-0x0000000005730000-0x000000000577C000-memory.dmp

Filesize
304KB

Download