Analysis Overview

score

10^/10

Threat Level: Known bad

The file http://wwm-roblox.com/games/6403373529/UPDATE-Slap-Battles?privateServerLinkCode=96710708575114978712317766150509 was found to be: Known bad.

Malicious Activity Summary

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies registry class

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

System Information Discovery

Analysis: static1

Detonation Overview

Reported

2024-06-22 13:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-22 13:30

Reported

2024-06-22 13:32

Platform

win10v2004-20240611-en

Max time kernel

83s

Max time network

88s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wwm-roblox.com/games/6403373529/UPDATE-Slap-Battles?privateServerLinkCode=96710708575114978712317766150509

Signatures

Enumerates system info in registry

Description	Indicator	Process	Target
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Modifies registry class

Description	Indicator	Process	Target
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{6DDA92CD-52FF-4AC6-9721-8A5F60B7DBF3}	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Suspicious behavior: EnumeratesProcesses

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Suspicious use of FindShellTrayWindow

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Suspicious use of SendNotifyMessage

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A
N/A	N/A	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	N/A

Suspicious use of WriteProcessMemory

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wwm-roblox.com/games/6403373529/UPDATE-Slap-Battles?privateServerLinkCode=96710708575114978712317766150509

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a8e446f8,0x7ff8a8e44708,0x7ff8a8e44718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4192 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x49c 0x48c

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3080 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,10338048472388394228,1342161719781632120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

Network

Country	Destination	Domain	Proto
US	8.8.8.8:53	wwm-roblox.com	udp
NL	84.54.51.149:80	wwm-roblox.com	tcp
NL	84.54.51.149:80	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
US	8.8.8.8:53	149.220.183.52.in-addr.arpa	udp
US	8.8.8.8:53	149.51.54.84.in-addr.arpa	udp
US	8.8.8.8:53	71.159.190.20.in-addr.arpa	udp
US	8.8.8.8:53	css.rbxcdn.com	udp
US	8.8.8.8:53	static.rbxcdn.com	udp
US	8.8.8.8:53	js.rbxcdn.com	udp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
US	13.35.198.62:443	static.rbxcdn.com	tcp
US	13.35.198.62:443	static.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
IT	18.65.64.62:443	js.rbxcdn.com	tcp
US	8.8.8.8:53	144.107.17.2.in-addr.arpa	udp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
US	8.8.8.8:53	roblox.com	udp
US	8.8.8.8:53	roblox-api.arkoselabs.com	udp
US	8.8.8.8:53	images.rbxcdn.com	udp
BE	23.14.90.112:443	css.rbxcdn.com	tcp
US	13.226.244.97:443	roblox-api.arkoselabs.com	tcp
GB	128.116.119.4:443	roblox.com	tcp
US	8.8.8.8:53	ncs.roblox.com	udp
DE	128.116.123.3:443	ncs.roblox.com	tcp
IT	108.139.210.69:443	images.rbxcdn.com	tcp
IT	108.139.210.69:443	images.rbxcdn.com	tcp
IT	108.139.210.69:443	images.rbxcdn.com	tcp
IT	108.139.210.69:443	images.rbxcdn.com	tcp
IT	108.139.210.69:443	images.rbxcdn.com	tcp
US	8.8.8.8:53	112.90.14.23.in-addr.arpa	udp
US	8.8.8.8:53	62.64.65.18.in-addr.arpa	udp
US	8.8.8.8:53	62.198.35.13.in-addr.arpa	udp
US	8.8.8.8:53	72.130.222.52.in-addr.arpa	udp
US	8.8.8.8:53	104.201.58.216.in-addr.arpa	udp
US	8.8.8.8:53	4.119.116.128.in-addr.arpa	udp
US	8.8.8.8:53	97.244.226.13.in-addr.arpa	udp
US	8.8.8.8:53	ecsv2.roblox.com	udp
DE	128.116.123.3:443	ecsv2.roblox.com	tcp
US	8.8.8.8:53	3.123.116.128.in-addr.arpa	udp
US	8.8.8.8:53	69.210.139.108.in-addr.arpa	udp
US	8.8.8.8:53	g.bing.com	udp
US	13.107.21.237:443	g.bing.com	tcp
BE	88.221.83.184:443	www.bing.com	tcp
US	8.8.8.8:53	26.35.223.20.in-addr.arpa	udp
US	8.8.8.8:53	237.21.107.13.in-addr.arpa	udp
US	8.8.8.8:53	tr.rbxcdn.com	udp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
US	2.17.251.30:443	tr.rbxcdn.com	tcp
DE	128.116.123.3:443	ecsv2.roblox.com	udp
US	8.8.8.8:53	www.youtube.com	udp
GB	216.58.204.78:443	www.youtube.com	tcp
US	8.8.8.8:53	184.83.221.88.in-addr.arpa	udp
US	8.8.8.8:53	30.251.17.2.in-addr.arpa	udp
GB	216.58.204.78:443	www.youtube.com	udp
US	8.8.8.8:53	i.ytimg.com	udp
GB	172.217.169.86:443	i.ytimg.com	tcp
US	8.8.8.8:53	googleads.g.doubleclick.net	udp
GB	172.217.169.34:443	googleads.g.doubleclick.net	tcp
US	8.8.8.8:53	jnn-pa.googleapis.com	udp
GB	172.217.169.34:443	googleads.g.doubleclick.net	udp
US	8.8.8.8:53	static.doubleclick.net	udp
US	8.8.8.8:53	www.google.com	udp
US	8.8.8.8:53	yt3.ggpht.com	udp
GB	142.250.187.234:443	jnn-pa.googleapis.com	tcp
GB	142.250.187.196:443	www.google.com	tcp
GB	216.58.213.6:443	static.doubleclick.net	tcp
GB	142.250.180.1:443	yt3.ggpht.com	tcp
US	8.8.8.8:53	78.204.58.216.in-addr.arpa	udp
US	8.8.8.8:53	86.169.217.172.in-addr.arpa	udp
US	8.8.8.8:53	99.201.58.216.in-addr.arpa	udp
US	8.8.8.8:53	34.169.217.172.in-addr.arpa	udp
GB	142.250.187.234:443	jnn-pa.googleapis.com	udp
US	8.8.8.8:53	rr1---sn-aigl6nzk.googlevideo.com	udp
GB	74.125.175.102:443	rr1---sn-aigl6nzk.googlevideo.com	tcp
GB	74.125.175.102:443	rr1---sn-aigl6nzk.googlevideo.com	tcp
N/A	224.0.0.251:5353		udp
US	8.8.8.8:53	play.google.com	udp
GB	142.250.179.238:443	play.google.com	tcp
GB	142.250.179.238:443	play.google.com	tcp
GB	142.250.179.238:443	play.google.com	udp
GB	142.250.180.1:443	yt3.ggpht.com	udp
GB	74.125.175.102:443	rr1---sn-aigl6nzk.googlevideo.com	udp
US	8.8.8.8:53	234.187.250.142.in-addr.arpa	udp
US	8.8.8.8:53	196.187.250.142.in-addr.arpa	udp
US	8.8.8.8:53	6.213.58.216.in-addr.arpa	udp
US	8.8.8.8:53	1.180.250.142.in-addr.arpa	udp
US	8.8.8.8:53	195.212.58.216.in-addr.arpa	udp
US	8.8.8.8:53	102.175.125.74.in-addr.arpa	udp
US	8.8.8.8:53	238.179.250.142.in-addr.arpa	udp
US	8.8.8.8:53	196.249.167.52.in-addr.arpa	udp
US	8.8.8.8:53	www.roblox.com	udp
DE	128.116.123.3:443	www.roblox.com	udp
GB	128.116.119.4:443	roblox.com	udp
US	8.8.8.8:53	apis.roblox.com	udp
US	8.8.8.8:53	metrics.roblox.com	udp
US	8.8.8.8:53	locale.roblox.com	udp
DE	128.116.123.3:443	locale.roblox.com	udp
US	8.8.8.8:53	apis.rbxcdn.com	udp
BE	23.14.90.81:443	apis.rbxcdn.com	tcp
DE	128.116.123.3:443	locale.roblox.com	udp
US	8.8.8.8:53	auth.roblox.com	udp
DE	128.116.123.3:443	auth.roblox.com	udp
US	8.8.8.8:53	81.90.14.23.in-addr.arpa	udp
DE	128.116.123.3:443	auth.roblox.com	udp
US	8.8.8.8:53	183.59.114.20.in-addr.arpa	udp
US	8.8.8.8:53	206.23.85.13.in-addr.arpa	udp
US	8.8.8.8:53	assetgame.roblox.com	udp
DE	128.116.123.3:443	assetgame.roblox.com	udp
US	8.8.8.8:53	92.12.20.2.in-addr.arpa	udp
DE	128.116.123.3:443	assetgame.roblox.com	udp
US	8.8.8.8:53	realtime-signalr.roblox.com	udp
US	8.8.8.8:53	lms.roblox.com	udp
US	8.8.8.8:53	thumbnails.roblox.com	udp
DE	128.116.123.4:443	lms.roblox.com	tcp
US	8.8.8.8:53	contacts.roblox.com	udp
US	8.8.8.8:53	notifications.roblox.com	udp
US	8.8.8.8:53	accountsettings.roblox.com	udp
US	8.8.8.8:53	economy.roblox.com	udp
US	8.8.8.8:53	friends.roblox.com	udp
US	8.8.8.8:53	privatemessages.roblox.com	udp
US	8.8.8.8:53	trades.roblox.com	udp
US	8.8.8.8:53	4.123.116.128.in-addr.arpa	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
DE	128.116.123.3:443	trades.roblox.com	udp
US	8.8.8.8:53	mia2-128-116-127-3.roblox.com	udp
US	8.8.8.8:53	bom1-128-116-104-4.roblox.com	udp
US	8.8.8.8:53	iad4-128-116-102-3.roblox.com	udp
US	8.8.8.8:53	atl1-128-116-99-3.roblox.com	udp
US	8.8.8.8:53	mia4-128-116-45-3.roblox.com	udp
US	8.8.8.8:53	lax2-128-116-116-3.roblox.com	udp
US	8.8.8.8:53	aws-eu-west-2a-lms.rbx.com	udp
US	8.8.8.8:53	aws-us-west-1a-lms.rbx.com	udp
US	8.8.8.8:53	aws-ap-northeast-1d-lms.rbx.com	udp
US	8.8.8.8:53	c0.rbxcdn.com	udp
US	128.116.127.3:443	mia2-128-116-127-3.roblox.com	tcp
IN	128.116.104.4:443	bom1-128-116-104-4.roblox.com	tcp
US	128.116.102.3:443	iad4-128-116-102-3.roblox.com	tcp
US	128.116.99.3:443	atl1-128-116-99-3.roblox.com	tcp
US	128.116.45.3:443	mia4-128-116-45-3.roblox.com	tcp
US	128.116.116.3:443	lax2-128-116-116-3.roblox.com	tcp
GB	35.179.56.112:443	aws-eu-west-2a-lms.rbx.com	tcp
US	54.215.216.30:443	aws-us-west-1a-lms.rbx.com	tcp
JP	54.178.237.198:443	aws-ap-northeast-1d-lms.rbx.com	tcp
IT	108.139.229.18:443	c0.rbxcdn.com	tcp
JP	54.178.237.198:443	aws-ap-northeast-1d-lms.rbx.com	tcp
US	8.8.8.8:53	112.56.179.35.in-addr.arpa	udp
US	8.8.8.8:53	18.229.139.108.in-addr.arpa	udp
US	8.8.8.8:53	3.102.116.128.in-addr.arpa	udp
US	8.8.8.8:53	3.99.116.128.in-addr.arpa	udp
US	8.8.8.8:53	3.127.116.128.in-addr.arpa	udp
US	8.8.8.8:53	3.45.116.128.in-addr.arpa	udp
US	8.8.8.8:53	4.104.116.128.in-addr.arpa	udp
US	8.8.8.8:53	3.116.116.128.in-addr.arpa	udp
US	8.8.8.8:53	30.216.215.54.in-addr.arpa	udp
US	8.8.8.8:53	198.237.178.54.in-addr.arpa	udp
DE	128.116.123.4:443	lms.roblox.com	udp
DE	128.116.123.4:443	lms.roblox.com	tcp
US	8.8.8.8:53	presence.roblox.com	udp
DE	128.116.123.3:443	presence.roblox.com	udp
BE	88.221.83.250:443	www.bing.com	tcp
US	8.8.8.8:53	250.83.221.88.in-addr.arpa	udp
US	8.8.8.8:53	25.24.18.2.in-addr.arpa	udp
DE	128.116.123.3:443	presence.roblox.com	udp
US	8.8.8.8:53	88.156.103.20.in-addr.arpa	udp
US	8.8.8.8:53	wwm-roblox.com	udp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp
GB	216.58.204.78:443	www.youtube.com	udp
GB	172.217.169.86:443	i.ytimg.com	udp
GB	172.217.169.34:443	googleads.g.doubleclick.net	udp
GB	142.250.187.234:443	jnn-pa.googleapis.com	udp
GB	142.250.179.238:443	play.google.com	udp
GB	74.125.175.102:443	rr1---sn-aigl6nzk.googlevideo.com	udp
US	52.111.227.14:443		tcp
NL	84.54.51.149:443	wwm-roblox.com	tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5	b704c9ca0493bd4548ac9c69dc4a4f27
SHA1	a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA256	2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA512	69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

\??\pipe\LOCAL\crashpad_4848_PZNAVTWUFKBCFZFH

MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512	cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5	477462b6ad8eaaf8d38f5e3a4daf17b0
SHA1	86174e670c44767c08a39cc2a53c09c318326201
SHA256	e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512	a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	e0af671e4b14d7e4d58b048b89195f44
SHA1	54c07d13e594e78c70c46c11e5e8ef61a31a1d33
SHA256	cc022e4a078e8739775bed9b9f1da113b94f992dd6933bb5f7fe18b4de61f7a5
SHA512	7ece2df51b8d300c2f8592b814f6845bd459e71e1df3a90e1cc96b0ae954840c4ccbfbd9706a12413ab1a2a3dbf7dc2b4de3779c251bad1b85de53b3cd426540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5	46295cac801e5d4857d09837238a6394
SHA1	44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256	0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512	8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5	206702161f94c5cd39fadd03f4014d98
SHA1	bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256	1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512	0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5	e958430229c388b3e746b12353cf8a73
SHA1	130f6c2795354ceb96e4e1252356d7b27cfaea9b
SHA256	323d6e3019deb01dbace9d3931e5be98847d4f731b0615c80461d90989e923a2
SHA512	073b0ff9d92c5468c5ef913280c86809221d9352a1f5bdb6187cc6c43088cc06f78854c5566aecf1411786a9013c354d06ca7e5d97cbed4a8eb7e6a2a007819e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	a51333de2a58b877a1266199d46d38a0
SHA1	bd17ed5d51c45a02a61173925db14a8ed5fdda5d
SHA256	6df279069c2e0ad0086522ae88b0ed1f27a7b9add4ff6bed8ea3e535f329c0fa
SHA512	9308168a0853e1f7adb7012d4032a5b1dee9a7db43fe918dc65d285bc68afbb23e1e5edc22a9ff14f9e0408e87f1504caa926494f74ac9a4fe479be1d61ec84a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5	285252a2f6327d41eab203dc2f402c67
SHA1	acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256	5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512	11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	a1ed676ab9a74a160d6416796a2caddd
SHA1	ae63ef6fe61bacc847ac388daf58f8804550f48d
SHA256	d461f4f0e3e9355b4d88d207026b320cbe9e2851405edaa6ae4d2947e19cdbe5
SHA512	77dd91f64ec1ed3c2063e8459942888613aef24838273c2b8af645547b5fef85eccd79f44792bdcb77836e6c617a836cdeda0c65226fdf65d6e14006e93476a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579fca.TMP

MD5	5a5fd3e53ec0d0690e2848e5293f016a
SHA1	41139bc8ab6ad194ec4bc64f5b3bc0d0ab12a44b
SHA256	808743d2f2b9cc2ceb74ce47355f67e8bd4f5e4cf93e4256dbc5b08eb42f45a8
SHA512	e6a9a93f6f0a4944881aed18beae15d82d8994c137e098dc4edf29f6a6a5b7db2d0ffdfb8266d9bfd5d7101c54e0d6f349c17a5271f504415c053e104cfbfa20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	bbf4602e4360810f1c11663dc898329e
SHA1	4f038cd49320d679085145c3afdaff3fd8ce5895
SHA256	19ea3efa848d18eaf29f853125b798679c406b69153f85d4e29f64e39e7a7adb
SHA512	2ea3bdbbf52256f7488ce995d1a6e1e8547a3d851b099b423e8ca132df29738151608c4d853cf2fcc9768b1c0a115cb93096e401d6f7e9838245c74181583fa0

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5	f3b25701fe362ec84616a93a45ce9998
SHA1	d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256	b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512	98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	cca26b4f58534d3f4e6cce8a100a1070
SHA1	62609ca8686263439eeb24bd5b045454b9d81cbb
SHA256	e0fceef5f88652d6d6f3db08f1e0381f1b5ef1398ace58e25779b3d7a74993c6
SHA512	9d98dee1650f8edced69ddb4cc65a5fef7d7c1ca6775e09cd1e7102c2f20c3cb0c8b651a2f25f984f237b721a39677943700bca7e6f15c69285366e888626383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	b180b057d1c31d5719a7ffcb6a1493cf
SHA1	ac3288994617ecec5b5b0e06c61d3b98e2f776b8
SHA256	b430b0810a3f58e26bb5c1e87a790a64a21a867a2cf4ad0b6ddb91a49ccfa682
SHA512	4b8f165f8e52dacc7963b8d1c6db0d111c5cbf936c224567a19d2baa808cdabe21b5034ea480df4ba8c1049681a1398a6928498b2abeadb86fe246710f01d1b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

MD5	759ab24cf5846f06c5cdb324ee4887ea
SHA1	41969c5b737bc40bbb54817da755e3aa7d02f3c6
SHA256	7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471
SHA512	3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

MD5	3fd11ff447c1ee23538dc4d9724427a3
SHA1	1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256	720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512	10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	c70d8025a96f48c2b1a938834f7769e7
SHA1	afe78a7356de22e1a039ff1d950b8d437095c7c2
SHA256	d9d6ce3ff11026613122366f7df54a4cf753a24d6dfe9e5647c6619cdbf6562d
SHA512	466e7f1e351ab1cfbe3c0ee03f4a2157f80b45de151ff642e906b7587a37b2253290c9f01728b33ccd487a6455895815091657f226cc4d40162187ee50b63603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	d285fa5f451ae6a6686c3ad5e44ed51a
SHA1	e050b8d2b25807a30cc8fae2d384ed5d5b13b64a
SHA256	4da8177ae896cfbfd6d9d27069837aa73e41258391e492389864b12065d2ed6d
SHA512	0106b20bbc696ec89eacfabb26fdf39ca5d2164b860c4b750f5fbac3dc031a3c13f653b5583da1116faf889839d787a1b39c884e7f166b15181552be95b305e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	f9b22bdadd855e016f5ffcaa65382bf7
SHA1	8466d2b147770df38f886bb0d395b9045d55d256
SHA256	41aed082ff240ca6895beb7545da726c4846c3ea190d942ce553fd5911965755
SHA512	0da8b3ea059348eb5b855372de0a248e5f029a9a18757202cf0c2b1bc7d34a44057ad5d05fdbb584d89fd75e6d8d0174160bb632d57a0ebb8c46ee2246d1f30b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5	d6b30708d8450d6f0ab0a202de1c4c87
SHA1	859a9d141bb60475c79df9f2bcd00edea9e909fa
SHA256	463ead5dfa3b28bf7eed50a3e08d171798d2ae71bd567f37e040d5bdefbf880e
SHA512	85e6737138113ee12e0e99024d944d727451f4e3918f0bfa14e51e8eb34b377182a0033a8a9b22e5aaf8241a2c2484182a3ae77f33daee8148e15fa3a46bfcaf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	0a63dd7481f122368ddcec3f3956e706
SHA1	7f451f33be4916fbd891410fe4d7bb3e0e41b0d1
SHA256	cbc1aa84333c4fa757e1cde1c4e35eaf2b6a48d2015d411325c7e379856b01c6
SHA512	9940532bfe8633409eb189082dd0fc44869646a56a35d3af96fa0fe11882e4121be520ca30bae6a05a4457e0ac5c75c2421509ba56096530abbceea5d4c3f7a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	56c51b2bc319c94fab86249e428fdaf8
SHA1	ade8aefa9ae804fb7543a06403e8d75b8af5459c
SHA256	a89007b811e1c5e91afa88951c75a55d1a2e9e56e0e77529159e8a90a20436e4
SHA512	9f6c6b43f92ba9a59a260070ec8422378c91a7ecd7ce9d862fd39bf046f97e04aba9d2339bc461a860cd24f27723e2f4d0b44c12215bca016ab61959d6f7b329

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5	afcb8f6daa231449d6d7860e77c234ba
SHA1	2444cf8aa73e178e5fe0d086291aa8d88eec5e47
SHA256	30ba5079f7e3c1707c60a0ebdb32dd35418005738101b6c7acb04e670a1a96d7
SHA512	7cd7550616477654f52c0bb14ac49d4b9945243eaa78f05a37bfec8f0801697c7cd3d65bad7595ff45fb5bc071b199701af0bec2f579c18c28d03039b3ff0d8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5	99adec199701191fda80529b0506e475
SHA1	ba63a6135825ed9f463762fdb1fe8e4a3cab26e7
SHA256	86301cee42e07c559f6e99eb7e7270015f1b0617d1169feb1310508d4c6e004b
SHA512	c4ae0733870ef45a493685a3871c77dc2f9373d6104b429d38d508b5e6b0263114b0680e46e57ca20dc236cd45a4f6be4a1d1fd54945015f6bcfbd379e911267

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5	f22cc5891165767c043ff655978e2b03
SHA1	0ea162d683a5bd7f5868fdff47b89156255e99ec
SHA256	db961fb086ead984e0bb801158185212d9a7a7fe8d04e843dad2a499b05dfffa
SHA512	9fd40e7fc0c535bc42ef96afcd1845a53173d7bbfdc36381fb9aec8b76a9341d7fc3ce904c27b8b87cdad42e7350a572859e9c75a02b29204c86d8e379806d90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5	be0b3a8887f8e5d812730a30032b0407
SHA1	bf00ff7e51af58973883dc88e1a8afb64908da06
SHA256	fff8b3964ef0225a09c191c0c5be6c84f71f11fcbd75ff371efc56bc5833998c
SHA512	694abb7dc7e22225b76f898bfb9b570151b27a397542c9aeda902d3380e4d823f364303b2d2cb4c1d1ab4865a188a0ef60fbd35a74cce91a467eb4b6f0265137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5	b991815a9c98e650f77e3d8096c014e2
SHA1	f70e597ddbfc7cf584a6c8e7a34776f9e50d1110
SHA256	87ddf348d0da65a64381c0fbcf7f403826c11c0da877a43ecd7a24a359bb4087
SHA512	ba7dc48f78f6ba1c3c98805a7a7d6e52c07ea0f6eb0441f7b9802bc15519b6894c9ad4d1245046987c96575fc99bb976fe197fef6fc9312eac43ec4d55aed1d0

Sample ID	240622-qr4hfszdqc
Target	http://wwm-roblox.com/games/6403373529/UPDATE-Slap-Battles?privateServerLinkCode=96710708575114978712317766150509
Tags

Malware Analysis Report

2024-07-28 06:42

Table of Contents