Analysis Overview
Threat Level: Known bad
The file http://roblox.com.kg/groups/9649207841/#!/about was found to be: Known bad.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-10 19:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-10 19:16
Reported: 2024-06-10 19:19
Platform: win10v2004-20240426-en
Max time kernel: 147s
Max time network: 147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com.kg/groups/9649207841/#!/about
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd944946f8,0x7ffd94494708,0x7ffd94494718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,2542089254815745190,9281963268078185243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6880 /prefetch:2
Network
Files