Analysis Overview
Threat Level: Known bad
The file http://roblox.com.kg/groups/9649207841/#!/about was found to be: Known bad.
Malicious Activity Summary
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-10 19:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 19:10
Reported
2024-06-10 19:13
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
155s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{4CAFDAC7-E418-43B7-BB42-5559A28B9B0D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com.kg/groups/9649207841/#!/about
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8534c46f8,0x7ff8534c4708,0x7ff8534c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16918914717284170665,6199529446103834416,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com.kg | udp |
| NL | 45.128.232.210:80 | roblox.com.kg | tcp |
| NL | 45.128.232.210:80 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.232.128.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| SE | 2.21.97.49:443 | js.rbxcdn.com | tcp |
| GB | 3.162.20.32:443 | static.rbxcdn.com | tcp |
| GB | 3.162.20.32:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 77.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.97.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.81.224.13.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| GB | 13.224.81.77:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | tcp |
| US | 104.18.33.170:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 3.162.20.57:443 | images.rbxcdn.com | tcp |
| GB | 3.162.20.57:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 2.17.251.47:443 | tr.rbxcdn.com | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | cdns.gigya.com | udp |
| DE | 23.201.252.242:443 | cdns.gigya.com | tcp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.252.201.23.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | client-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | client-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
| NL | 45.128.232.210:443 | roblox.com.kg | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
\??\pipe\LOCAL\crashpad_3424_UBFJRAAXPOWJEYJN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 338718c3537ceca52485dfe778d86678 |
| SHA1 | d3e214228df871790a4871226b9e11fa529e3ad9 |
| SHA256 | e78f926c59ee8add303412f937f7466156e036e2fa2fdaaf33f13eb77a7bcac8 |
| SHA512 | 8b05a3e4c3ef2886dd7ad1f13bfb2520ad98c7759b6aaf8f22470f3281f820d7c8b88823b5b5d6c268ba52c99cf97a20eafe2ce5bc974aabd956f5c0e44449a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 84b9ca814ef14e1eddc900f7fc5aea0d |
| SHA1 | bc848bebec94cf51ec09e15aeaf05cffd05c3079 |
| SHA256 | 94592f494e6b9c8bf5efd21129c6850a1d09364ce637c6638d11549466355f66 |
| SHA512 | fa8ff4a15751e2d81edceff9d767caf8d8fb7dacde8b3db62032d1cd18c294384a7c6ad7de132aae2e8d08a25b0751f3ddfdd7270fe296df65e471e3c922fce4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 491d11c9f9eeff2eb571385512edb4ac |
| SHA1 | 3a0adb509328dbca088ba51ae29f424fa18e94db |
| SHA256 | 7cea88e7a6907fe91e22fe1b603e65fe9e2e513e09092f108b0f683e8abebda2 |
| SHA512 | efff2ed2705949a1e35191a5e890098f0d8b090142ce79ee0b4e817cc0877d554e00f4ec084335770a487dbee2d184310ee07e084b4a259c47ab4f6f21d31e01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6c3b33bca5d57fd277a2b668b0f2bd3 |
| SHA1 | e77500c08cf5209b0a7f0c419b1380fe7a310ae6 |
| SHA256 | cd1122965115f08e8810fcd23db4fe20d46066803cd08929660f29cea4169ff4 |
| SHA512 | a7956e0946bf5a269d8f8694d83d418d8a939d538a5015137412839888ba62c0745bb40dabd14ef0e294c6b7affa50098eb9c8c66efae85210c50ff0f0250afa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6718b000854cb301bd81fee3b5d06d81 |
| SHA1 | e21620383e4574368ecf2f9e3e42013122cf257b |
| SHA256 | 2522d2658326c2119caf694d8865065d188ae7a2653fb4858fcaa5cc148f2484 |
| SHA512 | a76d5a1f391b3cc97eee772c9dcb4bd2541d8922371bc60755c9091168459c4b45a089fd0b88872caee7d8c34d283e897a5b4053f046cc398a9977568b133d37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5554da74c3886e05b352b2cc1e8ec38 |
| SHA1 | 7c45495335c2321763e371ffe831dd8ecb2c1fd0 |
| SHA256 | 8bf48aa85fa128007c7ec77a92f3b61b319e735762a7c7c1a245d1ab608e1674 |
| SHA512 | 89841815bbb1375c9fa9bd1575fc8caab5db67b48298a8685c5a435dd7cbae00b05579a0322fdf73c0cf654b828c2a87d30895356c2e661bc2d4077743e81963 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578ed2.TMP
| MD5 | 7a2352dd612c34c82933e8663f1fb9c3 |
| SHA1 | 459106412b6838ecc45e2d0cda636164dce46a40 |
| SHA256 | 129a22bb05ed8fe9cb2cf4de77526fdf7617d7f1b40f4e784f07d6ec4c824407 |
| SHA512 | 747b58e406dc1fd63866261274b72ccb4221f665d51b79b6ee6e0fd207c29650755593bf49c1078e0e7217713ed92bb44b6dd59ebfb16929b140f5963a40550a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4af61255550fdcc374d47ed557f5ce4e |
| SHA1 | f0389a57dd2ab0cbd2fcbaa4b1a7bce4ac4f9326 |
| SHA256 | 390ad2646f0847706dffcb9f73368aa4bf9a58d4fb388be7ce1b8189c71dfb4b |
| SHA512 | 56b8d051580e71509be9c1910a680fb6a43b7e1bc0e026a6602f36dc83e8d4df8219f4abaebd891d2a05b66c96e5c6859bfadb80b01da015e35402022278bfe1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0741cc2634b481ed2c864b1870ab692a |
| SHA1 | 6444630e182291e9008392d86027b5d339474816 |
| SHA256 | 5f1ecfd1f578ada9872fb9ef5b746cec4cacd4136b3bd6bfdff907ea97512f2c |
| SHA512 | d9bc473494f6636dda5b4534570a6bd400d4d0e06a45e04271d5e84655c36c666512d4ec6ba2e9f6ca629d63c97eb134d169799ff04822f9f27a8c9ea2019ced |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7824000473930e53012f16836ff844f1 |
| SHA1 | 65f9ab93e67881a06c58c6016fcdce53339b1a10 |
| SHA256 | 383c3136ae087db97aa734e259253fa727e91db5a69cea8bd00b7955af4d05b3 |
| SHA512 | a476e24b0766f13e9fa6e59d9f29838a4b4ddbcc1c57bc06cc103eecf1cc7b9b5652a5b1767167444233993329f5c8e90fb17d48ce9328c91784ff66b183c0e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3ad2b92dbff26715526e85cbe554c003 |
| SHA1 | 8b3d8289298a97bfec36e8505f6eba5d993b4fb0 |
| SHA256 | 5f0a278f24918cb4095c693105aa9ea10d207c0f7dbed1125bc1f7768ed131db |
| SHA512 | 019935b2bc124ace78b73d695b3ffd467d5dc4053dbc9e83e31a746e609529b8dcc733e8ee408d5537e350982bb4f5888aeffba95e734c79a44ad4de6c971972 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 507f3420fb58c7328bba35dcb1a00da1 |
| SHA1 | 79ddb0b057b7330624e52a829e652f2b69da892b |
| SHA256 | 71f047d91f3b91b1d36f06efef270147b6293c5b000ce4d4d03634f98f99fc1b |
| SHA512 | a8488e8d817c8ba17b1a81b0eb4ee74b144122227c6ac5186a66fbe1336e0c87565da9753468ed375730e2488214f81f91d81b8a78cccfe7303addc537e6b943 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c0eac24de9496a54fea9c55117a3ada |
| SHA1 | 96ae9fafbcc3206600c83fcc050aa7a72d8f73ff |
| SHA256 | 92663afba74d5923b54a36712c6547b90768e72674f242254f2625edae0e2b7e |
| SHA512 | 001f80687d131fc282d094eca46d7748d10c05c413e138ed9d041591a588278dc3289c7b265c8ed59b2ab6b4fafd920e7ea658958c4e5583efabcdb49b73d322 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | feb9ee1f0ba5ba924e9566102df9367d |
| SHA1 | 93c45a7859d2db18f7f4d14a5fbe1088303045f6 |
| SHA256 | 5fe7dcc3ce791d7d24187248df4854c087c389daa1b2b7580c7fe620726844ec |
| SHA512 | 17b3d5ecb23fac7912f3ea28cb6baa5fab9baf8f2be7dc56a2f9813b5cf20ef7873004e69448e36c5c8edf42bfd213cfae71b60f011cbbd7976d981a35d3512c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e18d941b737d711274d7461fb2b6fd7 |
| SHA1 | a312250ef1d74cda67be1b668225f43d6aca854d |
| SHA256 | e80d8c3d61187130f2cbd0f6992a83258d7800593ed354aef41417102c5df15c |
| SHA512 | 71ed145e91970fd6d0e0b0e4ffc552c592dc50cbac4e4cd2c2ad4e43f9a63f3947f78795bb32723223773b58851f646ddf6208eeec90cde2ed85917d077346c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eb059efd1f74566f75febbbcd8658473 |
| SHA1 | 538914199cb9e221633029322035e0d50bb07bc6 |
| SHA256 | 237601a28b71cc3435e387ca5fa8ebc546b9e2da9b75de98f0bb9a8a145b852a |
| SHA512 | 386f7e3aa1196076e963525bfa072ba48ed559df245724d5093c1fb40617da9e01493a13409f249d214518e5dfe55aae19f0fba845ac15b0b87213577f6af429 |