Malware Analysis Report

2024-10-19 11:16

Sample ID 240902-gfqb1sthrb
Target https://www.roblox.com.bi/users/5445740091/profile
Tags
evasion discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.

Malicious Activity Summary

evasion discovery

Drops file in Windows directory

Resource Forking

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies registry class

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Checks CPU information

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-02 05:45

Signatures

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 05:46

Platform

macos-20240711.1-en

Max time kernel

17s

Max time network

19s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=28]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=288792077 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=63]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=288842167 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=63]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=295893266 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=296400771 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=75]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=296857282 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=76]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=297457284 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=77]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3914504265359069081,13998562571428132961,131072 --seatbelt-client=94]

Network

Country Destination Domain Proto
GB 17.250.81.69:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 www.roblox.com.bi udp
GB 142.250.200.14:443 clients2.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 88.221.135.3:80 r11.i.lencr.org tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp

Files

/tmp/com.google.Keystone/.keystone_system_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Keychains/login.keychain-db

MD5 0aa49939d1e7077de5b774c62fb267b4
SHA1 570e35ca84987ef2c7ce85c91ed7c3919043b5ce
SHA256 b39c5d6ce82cdabf1d6ad63a29ff8ef2b2fa47dc0342b352f5db0ffcce26d1b6
SHA512 994fdb6c4665e01f75fa795ab8958e6ec0661583df25fe3a02fdbc49f46f9aa03d7effa642b0a0725229fd8e2a2474ec0ec96d4f1754bc28a43b949cbf33fc03

/Users/run/Library/Keychains/login.keychain-db

MD5 71158c56c734932066593d2ba32f4047
SHA1 7decb118235eb467e94a42a905e2d34c175521c9
SHA256 1f5d63e8c7787b9fb501671709403ee54970c744e7f83b44e4aeb6fefc036bd0
SHA512 cd8abba22e91ca44a999bf6b9259d12652d144ec65310e10b80171e767f9718d5d0a6609523fd49edaa1a32348de990172ef54cfdd9dee4f88811ace31e53b0b

/Users/run/Library/Keychains/login.keychain-db

MD5 e743e300989aabeaaa874355b2a7a887
SHA1 ee7d96d245f74d592b6fef895292e65add51cda9
SHA256 0a7c76c0321e9ef340a43e637b7401f4aa0af58b4c4ffd1641c5c2a275ab6c5a
SHA512 cfe6f38c1d7eb81cd1a9ed9c69d00a501f28d62891694d830e56ec790f29ca75ed8df1e9ca62309934edf0898f3cf194c620fc370662961705b2c97f96817a59

/Users/run/Library/Keychains/login.keychain-db

MD5 7ab7062a2e3caf7b6d5b92d91bee6492
SHA1 9fea6d2cae1caab138869db887e4f0cdf9c4b300
SHA256 a66f5f90aacdf16d01aaf26fe6dc5cb469cfae9e7c985377edcfc2a57c28498e
SHA512 917c738d16d1f477255c486d45a99c52a14bf959d00763c42a89d0899951e8046c07bd7e8cb582f3411e16f3940acc44a0e3dd6f5ebb8081573b2ae641bbd606

/Users/run/Library/Keychains/login.keychain-db

MD5 9cb7ba0fb214c5698ebcfbf12fc5140d
SHA1 c9ae5799463cb3f733ae16b0c6b335fd4000c347
SHA256 3b0f99719abbc8b28462e5598acb91f20033ad38fc73aed40ce4cb64879784f8
SHA512 1ea7e7588d7b690fc1e04cbf48c569abebf079ac1ea1a0fa0e19c9c7312a578dfb46642a206df722b6e4bb49bd5dcebb4f4d14cd01536be665af1d93a4737c74

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/Users/run/Library/Keychains/login.keychain-db

MD5 43b577c92fb0208203e48c394396a1d2
SHA1 d4448d684868d5b5b58265e710e63b4d44205950
SHA256 0aff5b012897ce4cc7e6e33f90d869c1fecfe828b3ae9ff6adae2af409951087
SHA512 33e94cf079f3ca67e27fcff93cae4a4b29ada5ba0ab52a65e4ab146dc0fc55e2d17d19fa190b36a9990a35110e8105f30d710cfdfd3ad972cc34e9a5b383805c

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

win7-20240705-en

Max time kernel

1563s

Max time network

1563s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e60372fbfcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{97F771C1-68EE-11EF-9988-DE81EF03C4D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000c16dd6f103294bc6fa2a3d409a34ffdcc777a5aa93dd7fdfa0e47de4445211ad000000000e80000000020000200000001597f6b010baa064fda1167e222ab3ac6886f45f7fd25fbcbd2d6e6f4fdb5d4420000000cefe9f5c5cb5ed4dbc10c675ca5aebe754b3a15fcaf4d21c31c05c4d822184d0400000002c4521c1eedd5124b3d9bc1e31dc1cc7a84972c6cc6cc4af05a984094a931883f15cc80ed9a843547605a14e4ee2dd025e2e3c3a792205e0280939f3416d430f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431417811" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.i.lencr.org udp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 88.221.135.9:80 r11.i.lencr.org tcp
GB 88.221.135.9:80 r11.i.lencr.org tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.135.115:80 r11.o.lencr.org tcp
GB 88.221.134.89:80 r11.o.lencr.org tcp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 88.221.134.146:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 263f9f8c189956897d9edda6b7218d0c
SHA1 c81b1a8dac477a8df4af75ec1583d30e64fb3761
SHA256 f50521af8da3382445131ca029dfb0de49015f541ba38860f86ba5e4cc55fe53
SHA512 2bfd26b4d92472ca82db0530f4150f3af5379075c0c362f01508f472e1f6d8ab4d1eb9c5a9580635be7496d9372889328c32dfadeb2eeb0d340b8cb519fa65a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 d28c529baf9a82f56b85f286510c08fa
SHA1 f503c18abadcb4c1da8604908b815f1904fee586
SHA256 dd9254ba16907c85ed4c21082e51e8a08bdf717a2b994856bb05cc0ecad418dc
SHA512 d47341cbed2479bcd6f7b8a5271daa6ad288c42c4cf66bb298b136655ffb2e054bf51434ce49abc3c1fedf35dfeab62eb006a640a124a165b1d05e0ee5d84707

C:\Users\Admin\AppData\Local\Temp\TarD7DD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\CabD7DC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f0a6d55343c05d37879ca569542efc8
SHA1 8218a21d27cf77a98a0fa309546f4963fb41490e
SHA256 1c7a6297efaa1cd2e9614b9ff15870f434dc80fec5eaef289b3e5496e67ffe37
SHA512 9f13359b086d82afb11ecc81d105c0b8ea02c8d4ae7fa041e215ebd57d8a79594abed1d22eaf79212e7949c505fc5fc62f5f73bf25e4bce3c8f0ea5dac42790c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ede0467b58febcea17baeb39ec199fc3
SHA1 30dfed0fb860b19dfceb368429b1fc49ae7ff950
SHA256 8cc826312ff994d9e3ba5449ed8452b4b3fc4a52ce9bb62a27295fe8eebb239e
SHA512 8c21e8b25be4d712ab74f543d43b2e4c1a9970f9179b301513542af87fa92b67b7e654041d2953d8c25619c3c57ddaaaf4460ab21c7feb516a8fc3be04b66ca1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 baaace3557e18f44f6f4304a46540cc2
SHA1 f2323d7ea4b682403c13acc46b59fe360277af8d
SHA256 1cb7cab54e690f13f2f725c3d94768a5d8dd345168a069f1ca1fe56f9533b4e1
SHA512 079ca4b0b56dc8ae5321f924690ce7d06ccf2de3adcfcbf3c32efc8496ae1759a12c8163b9c456807e49d24d2c134e2782ccab515914a736f1c83ec2ccb81e7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c795b2223b2869c9d464638923c499d8
SHA1 29d4209e18aead77b6850f789ac26efa7dd29912
SHA256 c591f88d4687d2aafced947d10d820584e7e07b5698786b0483cc47374146980
SHA512 8b9d42ca03a5b3d5d74558fd0e666c7f6542198d9360c5e1297934add5de556012ca145ac0dcb2d6d4b4677a3e3d6e9d1002cabc1616d33a76b3721a4b2ceaac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 50a49b45e5b0a7ff7524371a5f8070aa
SHA1 8856ae14b7cbfd14902fa24ec7f04365673340ec
SHA256 1153d8517c2eda50db32fa5781d45d2f229e02d4e055838f18f1cb5b9cc94d88
SHA512 790c3421db959d09f31cffc6a08bd4f88d1b47101c2b98c49e54ef4373250005b29d1d90ce267aba73415fc9efa6b4966ac3110382cb7f622b74f95dd751b317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47ad0be2eab7b51ef34d48cd12d05a2f
SHA1 b730f64770f78302656a7e85f8e2ee45822d72ad
SHA256 d4aa5c9bc3c4cffd8c23be4b453f35225428a8da766a2b19efdafbaf6836a873
SHA512 09078c315252b9df45feb68859b035cc107cb5c69f1ea3d99bc2a5f4a1d7781601d802dc2c56e9febbf67ed661c702a88317a087d48ba31a512229e7433f5bf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aea04059d718b5205fc39965049dd2ab
SHA1 5f2f4f014aac98381e959738a1564e2946164d15
SHA256 d1c87ecc57c2bff03669f07e118341d876912e84d13da283b307dd5e44a66ca2
SHA512 9172a4828aa0604a7706f5b264a244dff712b0821465357da190cc12d76cd0f53596f5cd5468bc5978968f2abec398266e6ed37d09faa69ce2ceafd89bb52a75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a198482d11bde9e3805c79b04cbb2e30
SHA1 ca8c77106dd225d534ea47803f188b34ae101fd0
SHA256 deb63d4f98898c1f2eab2deb6d29ac520a5106a8e3c669d0a2a9af2429060e30
SHA512 582a314958cf3a704ca2e8a2d7ba48bb473bb25067f672291fbfc597af9c6115b85841813df8f1ac08793f0bf5f504dd566edb539ed6b98ec4abee00d16b00ef

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\api[2].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 c3038008ace0e41bf4b7159c4ddc093b
SHA1 dc5238d6c69f5e0ba92a2c562ae724ebe921795f
SHA256 91a3b5086ba7f161810c05237cd3429503cf02f35cfa7eb00d50aac47713a84e
SHA512 0fcbcd11d790a2d961061d1d9b18a2be9b9aa885f22b1a9efcbf4bacf556c088da27fdf4ed71e964259101b51af5fb8f27a2f15a43f33999de2b36ef2350fd2e

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 26684ad89ffd59da43dd917995c9d706
SHA1 c314d9fa6c01196f18a6f6d92a3c4cf1051dd0da
SHA256 b2893ae6049012c5fcf92a7d6a34af33da7380a30bbf93f3fd69785bf6f472a2
SHA512 a577140b0bef1f62c1b160df377e57e7335dfd2ed048140ebe72b1945a79f5323ace7dc568daa79f52a4e4c89b82e2d5a2c5ac0df2adf4708f3692ec4b393b15

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 445e99513949e84038e7c7134d407a8d
SHA1 386693fa07d8a057376f1a8d05742ac967f05e7e
SHA256 5d380d56808c87b4b0d88cd69971d6f9409a625a3286fda33499b4172dcc98bf
SHA512 89404631f383a08d79d304f6b307f40bfc3119422c4c5a7028b3e574fa713998630794bb277c9439d1c03fb51efd9eada7c94bb6a7e6acb96a81a98c7dcbbe56

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 9611faac7b060723d7b8e2fdd41375c6
SHA1 0e576c41c5edad3716e208351ba6cad65c52b88d
SHA256 64c5c22e7fd4d00509cf15e83b275ed07ff8c096a082cee118e8536211d79f8c
SHA512 1acd7f4af444e3f449f454b9a4029208965b9d15df37924cee9338f1f814d1ad4271936362757d140a932ab1bda6398f0ff6a2e9ba530999f214656390462f4c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 0ed25c71aaa266fd24bf9c3251cc9ebd
SHA1 1bd69ea1ff2b6db6e8ed138edacdf63c009530df
SHA256 bc9ed200d4eb784883b5a9737fe4fbd055bf76e6fc81926262e607c2ae32bdf5
SHA512 07a4b5448143b113577890db43287e92bec0a367d546152540ee51de5b75667e1dae778c015e70e5f74313520f5da098e448e76d310f16d8846b63738b954ada

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 18248b5dbd93b7f9e5fc929679711cd3
SHA1 121b8a3b968550af12d52b00124a4abdedbbab6e
SHA256 205856f7370d228d7c8989a1b257f4ee7c8798e2725e709cf5dc1421f793ce49
SHA512 94d74fe7a824ba571aa14c2371a9e2affb5700d16722a65361b7d8276dcdb05518d46c5f0fb307f68aee9adb149f704ff43e2acff48bcc51c8a72b00e9675f28

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 984bde570ddfc15031ff65a7a72b58c6
SHA1 661adc8b9710ef8a0cc0d42d601bd7f9a7c6ecdd
SHA256 470adced7b53fd80b4e303c10c6cce0a5ff518f5a6c69552423c183f4bc26386
SHA512 f00a2c52f450c626f3a0b68072c9b557ffd493fc421dc34e338f9b2c88ca560b81ae2e9f145ea4141afdf913914f52fe051321bf713c261f17a14600b2e57149

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\js[3].js

MD5 cf1330645cab6b67524c8763b45f0714
SHA1 87627e5cbcf23ae154c832f7e51387ea63198ba2
SHA256 a6c0c46ed897b1775b14c0bc6a7f2c7d55ccc791c8ef07c244e849460ac14912
SHA512 2932519a74e4986a9a507242d3dcfd04db0e4ffda455aec4b8ae8e53c926ca31ae3a97d17ffc103b6b6abe1db09d807ba57f43ebfc9a11a77f3fe9a445678dfd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\GWPS0N7T\www.roblox.com[1].xml

MD5 12c5ed96635bc2f83063f5c96ad2b3ba
SHA1 988bbc75d103e981404b5c5303835f1e24aa6fcd
SHA256 51865336c433ed63f43c90ef2b058c8e698c2368bac81ac72a99b7a3aca2892b
SHA512 15efc2db17e34e27f3ede5ff3c92317deb651778fa2b0ca7bcf3a71b95f95e288bf3056c2f1a9c4e72ace83f7723980fe19adcce59fc8a41e0ed1facf246b5b5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

MD5 6782dd423c11036a01ab94e0bd56f053
SHA1 d3b4b3712ec8e7e7d39764fa2c066a187e1dd876
SHA256 813bdb755f03e4d7d7af7ec39cd28fae4d7a7dd75747870d374debae17942cea
SHA512 73decf56449c93c1cb709939f52cff4ae2c42f67d3f3e4fac5dd7ec916add349eb8a6b6576748e71ac2ecdff2b30f206e9dd4e377d71bce514ab72f57063cb77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3e8699d363b127b153254bedee33362
SHA1 06904ba2e40d3487212bb48a0a39b9256d280925
SHA256 ab9d640e71afcb6f0a812fe0ed9f931aa765d648331120c52544ce0631598079
SHA512 82200e92ad582ef29738de147e12d97b5a817e6d100a5496d3b7d8b5367fdea6a3b6836caf25bfafd62425bfc7df2c4e4f67e1ea8a9b24413e7c3b8de7a43303

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6491acc1d5f83be0c361aed2b535ce45
SHA1 13662723a407ecb26e00b8fcdb7ff5ec4856e8c2
SHA256 464d2d7b23994c55bb2a1951a4db4e42400f88b02a092b670e35e1ebe9203055
SHA512 2a65752b147843d5f3c13bc312668c1fd31638209a7d0b3636b6a1404b8fb991fdbbb53eb1691fd60b1cf873a50a633d2f0ba32e7f36c4ff469b588a54219b22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72aa0cb411245f611296a29934c26fae
SHA1 0f0e7a4aa7ee3f780c02ebdad6a88364ee23ef30
SHA256 d955a5c6a054554f60ae493affb55d4040581c98c2dc14a5e07a19f7f22b7815
SHA512 cbb3c26df4b98aef7a0e125c238f39904bcdd7a5a1395eb927536e4a74011e50bd6eb1448e0376a5e3ca585ef5d02b06245035448454ba1c00719461a6cf0961

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e61c1e3f691b4095937c0d4e0a6adb15
SHA1 216c839984872454f189d488e40272fb7802ea2d
SHA256 fd8f1c170384817ebae1ad04da3f09b06c8e4d00449da5c6f794139db8cc02ed
SHA512 4d87f296a0d68561409939d3cdcf3c1b3049ffeae4d5cb56ea9ebb8e18801a04c616bf20696ac5398dd25fba5d832343259cdb14734b573b570ffe0b36838faa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17530537a09dd602653e93b0e16a264c
SHA1 7499eca7b930fccff3748f0c52b24458173ad750
SHA256 dc5eb980f564cd024cc298a50cc449f77018b822ffa9ffa3f914a3e3800aea16
SHA512 660f915299ff906e5dab13b3c07f0643019c994bd5c42c3a885328e4b8009cb34a4533e1d69cb8d09af6257796fd50ceb7a5a377013cc8d817e0b3246f2e8171

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25b31afe53369f0017486f80ed5677f5
SHA1 f13c0aaaf21b7e72ba54a20de11314906e37d303
SHA256 b32a845f4cd932cedd3c96f6b81e2d2a37857f7418fcc57e8eb9fc137d2382f5
SHA512 57559c8ca45faeb8154597c8f150a150a0df121729c21a67469d6785842226f7ec6f9fe6d741ff04e76e90216688b46b9cfcb61be712365301e8335840ddef5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab0448133f5d7fed6b97738003ded8cb
SHA1 25047f1cf8d2ba628986264129a6d5ade893d1dc
SHA256 5093894e9d8c3c7b5d494f69609abeb93cdeea33d006258df317519736f681e1
SHA512 c0436c45bfe01945f1b2e173c8ee66abf2c60e30ad82a85da3abd6a61788d9eff4d84c9d7db22db654363b424a8f40f0567ac6d67772fa76c0ac38190e0ac443

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13684cad788d1db0e6f718e481d13f68
SHA1 dc1e9ef2cf372c8261fb543cd720b2b7cc415032
SHA256 17ebed4c92cc0e8562e206291f9b9b7f332ff172cfa5ed46449f8a7d2e9110de
SHA512 690943c26848ee6c5d26d6259fa2970cd674f7c32139011318b4a3005442c81aef740fa5826aa57365ddb84950d5b1f2db88a8c3ae77d52a42c5bfaec32fd20a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db03740eaa6662806776dde6681ce5a5
SHA1 61c5dd1c48ca5f36da9f27e4155b193d7cd77a9a
SHA256 96cf9c8e4737e4b17d7a5df9b9d8201966c9c467187cefdde3bbda721f6c396a
SHA512 808175dcf49f1407d5228aad2f39073c108e145d9ab3aee4f937cad841a0a88264481aee7612afcf6fbcb613040376a00bee588e1257ff81923dfa81009f4122

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0eb8c322c0e515383e4cffa1e158b872
SHA1 68d32fd16381e1098f281b27294c3fc66ce66dbf
SHA256 d978db2e58aea0d6d399770e75f884159a332f95ef8914fbfe7d797e7cb9bb5c
SHA512 79ba0691d5584f14fe3118f50d288ab4b339bd8a4cdd74447338191f20553f600b20cb79c2739bce667fb969ff870ba477139bb18cbdb466eabe124da56cb86f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 46b37153994dcf8e93a5fef1b50f8f2b
SHA1 e52d944de6f1afc66b56ff6e9b593c40494f77cc
SHA256 55a90c0b7489b17a6a4b31c5b6cc4d0427a8ac3df60fe40285f581358fd09abb
SHA512 c682444d7f1f5b516afe006b1906f65f359263a5216bc94ab524b06ee33638b168ff0f2d36e21cd550e2300520bc7d6e8f830b7410a18ffcbbe1ab49c5031b73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4748507c982dcca06bc9e7ee71d3d532
SHA1 750eb53029007625a0976ce9c3b2dc640d8b0380
SHA256 56477597fb53bc82ec6c856a3073d7c1b895cc4d0d0f6db961238b1fe69e924c
SHA512 a2168343e3c78bcf046043845452eea5ef0a8297cc48986bf517460404465b21c5b32b205fb55be13af4fb6ced3ebfe7d8b06d94511c1b9c3abd96fe0395247b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 baf6d832239eb68cdf22f15b6e8a7d31
SHA1 8279b4971816ed08fc9316b5565977982c0391ca
SHA256 0ce96d7277b0945062ef7f4d031ce9512a24f21d6aefa171f077539009d10356
SHA512 dcb02d620cb9e53aee0f4c1b1d8d07ffae158281b1eac419d501d5b2285280b5fa29399d65366aaa1a3db2733364aff8d7dd9c85cc5cb63bf1108d66cf64efaa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9ed8fb421b5c987c688b2f7ec41234c
SHA1 c4d50788fd670f4937206916c51fa795eb6ffef6
SHA256 f2f2a2930ae340ad9b485d4d62ef2cf4091313f3e36104203d9585e7966bef79
SHA512 ecbadca389147a9faff48e36fcd1216d6e259faa6570a252ec31085a7ddff06c2afc0924f98d6334d97c05fc7f85ab11769a005f507b30c770cce2503ece0b68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dd1725fb6d5c15b8973b6004acfd9c7
SHA1 fa927ce0e5e161a19a8783a28a4a48da2ff0cf27
SHA256 466d91136d79c4e9ab006455018e27e7f886d5fda4c096092ec7ed502ea3b14c
SHA512 9e92a57656be9db5809e289dec2d243d8befa97d686079c78df58578bbe4d6dd87d36231ae0ea483cd9a3264fd4ac0b8fcc890d9b97a7fa5c37f761fa5fa4ded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5db49398b1cb659a1d99621a6bad589e
SHA1 3aaeca383a8e1992c59b4371fab2fcbcb69a6982
SHA256 08ed337dcf3ab99085003d47a56aa11cd5296227542cd4aa31b7c8a0fb3ba1a1
SHA512 9e2f52c2687032dbbd080980afd4f5fe03a7739013c99ac0eaf487a15e8c52508682001969b40e3f19263d96d2a350d2fc3a7bbd346257271186ced5ae0b46de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b7e80d2ae482ad4c6aa182536fe1790c
SHA1 4eacd7c0fe922ce6fe0f09776174fef31783fb53
SHA256 a93e68f0e9a88add7a0e5f984732cf680fa822e35e64b3bccea234d521732965
SHA512 b1be39a373ba100d24b6b738529d450262cfa230fc698f7695ef90a87575a3d9eb882830a7b0766e7575a2d7433a02425dfa208dc2054da15abb9e964eac2161

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 853dbdfc3fc858a3211a03ce0bea4c84
SHA1 4e556456c07041b9b872bf7db8081f37e3a03b20
SHA256 0c043b09e2c99a47e8f68dccd760706c5749c7fd08c39c975d433a41726a7555
SHA512 64654cd5c25664bad219e14021e7eed05685e16447902d49c8b9dbfb2265b3388e0fe32b9f3fe3ec193be2e16b6454d5d2207073c95f1c5e3d4975dd9a0fd64b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 294701d1b9df1310a77384ab7d235589
SHA1 a8f85ba0e35657ddf3d5308028f0be0a7857ffcf
SHA256 516eb9c4d1b4a9b7138bab895495978900576f9b74b62f2b0b6a57fb2e9605bf
SHA512 02310c3fb02e55daa23cc43256d3d49987d4e06dde8856a7cfb6cf9ee31e0e43da675f68287e70f3060aa772caece920232241738da363892493317fd97d35c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65ba17cf680091844af37ecc7fa1b954
SHA1 0e63d4daedac321e4606a0ffa78bf3ff2d6add16
SHA256 ef544ee9b5178bab81f702b113e7250bddf9738d2bed625c48bcaf7609bf7c86
SHA512 1dce9fdb0d5753c8003426c45c95f63c244e7e253093a360cda94269e3640787b67029e2408cb18f730dd838a010b20a46f772dedb251cef9235c40701b70ed0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e4c6b6b32e2b7654a85d46e8bad9d78
SHA1 ec583666091a99ba7f16a68777a664d9c2a1aca9
SHA256 4a782ab7f554b978b180fd8d963710325ab92e33f8252741ebc62e9d3be2c694
SHA512 465aaf8152afc0938d0e35859dc303007a3637e6acbdb122ec4ad2dbbf8f517b97f886c5bea4539cd537674cd8537b5f44adeeb26a76fa5daa21026407a7bfea

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

win10-20240611-en

Max time kernel

1799s

Max time network

1590s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Voices\\Tokens\\MSTTS_V110_EnUS_ZiraM" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{2984A9DB-5689-43AD-877D-14999A15DD46}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "111" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "82" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "409;9" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "49" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Zira" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Mark Mobile" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696D C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com.bi C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Spanish Phone Converter" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Universal Phone Converter" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Anywhere;Trailing" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0.2013.1022" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = c3836a76fbfcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1033" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\Certifica C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696D = 140000000100000014000000c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b91800000001000000100000002fe1f70bb05d7c92335bc5e05b984da65c0000000100000004000000000800001900000001000000100000004917c0071bcbe9c7046c52368f011df90f00000001000000200000002aae3fb7bf05e4c81c4194dca44511d4f9af304786ec1ae7218409cf62a083550400000001000000100000002fac04553147f46a49df9b4ebea6df43030000000100000014000000696db3af0dffc17e65c6a20d925c5a7bd24dec7e20000000010000000a05000030820506308202eea0030201020211008a7d3e13d62f30ef2386bd29076b34f8300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3234303331333030303030305a170d3237303331323233353935395a3033310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310c300a0603550403130352313130820122300d06092a864886f70d01010105000382010f003082010a0282010100ba87bc5c1b0039cbca0acdd46710f9013ca54ea561cb26ca52fb1501b7b928f5281eed27b324183967090c08ece03ab03b770ebdf3e53954410c4eae41d69974de51dbef7bff58bda8b713f6de31d5f272c9726a0b8374959c4600641499f3b1d922d9cda892aa1c267a3ffeef58057b089581db710f8efbe33109bb09be504d5f8f91763d5a9d9e83f2e9c466b3e106664348188065a037189a9b843297b1b2bdc4f815009d2788fbe26317966c9b27674bc4db285e69c279f0495ce02450e1c4bca105ac7b406d00b4c2413fa758b82fc55c9ba5bb099ef1feebb08539fda80aef45c478eb652ac2cf5f3cdee35c4d1bf70b272baa0b4277534f796a1d87d90203010001a381f83081f5300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30130603551d20040c300a3008060667810c01020130270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f300d06092a864886f70d01010b050003820201004ee2895d0a031c9038d0f51ff9715cf8c38fb237887a6fb0251fedbeb7d886068ee90984cd72bf81f3fccacf5348edbdf66942d4a5113e35c813b2921d055fea2ed4d8f849c3adf599969cef26d8e1b4240b48204dfcd354b4a9c621c8e1361bff77642917b9f04bef5deacd79d0bf90bfbe23b290da4aa9483174a9440be1e2f62d8371a4757bd294c10519461cb98ff3c47448252a0de5f5db43e2db939bb919b41f2fdf6a0e8f31d3630fbb29dcdd662c3fb01b6751f8413ce44db9acb8a49c6663f5ab85231dcc53b6ab71aedcc50171da36ee0a182a32fd09317c8ff673e79c9cb54a156a77825acfda8d45fe1f2a6405303e73c2c60cb9d63b634aab4603fe99c04640276063df503a0747d8154a9fea471f995a08620cb66c33084dd738ed482d2e0568ae805def4cdcd820415f68f1bb5acde30eb00c31879b43de4943e1c8043fd13c1b87453069a8a9720e79121c31d83e2357dda74fa0f01c81d1771f6fd6d2b9a8b3031681394b9f55aed26ae4b3bfeaa5d59f4ba3c9d63b72f34af654ab0cfc38f76080df6e35ca75a154e42fbc6e17c91aa537b5a29abaecf4c075464f77a8e8595691662d6ede2981d6a697055e6445be2cceea644244b0c34fadf0b4dc03ca999b098295820d638a66f91972f8d5b98910e289980935f9a21cbe92732374e99d1fd73b4a9a845810c2f3a7e235ec7e3b45ce3046526bc0c0 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 39dfcc78fbfcda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\Certif C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40A;C0A" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2984 wrote to memory of 3076 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 88.221.135.9:80 r11.i.lencr.org tcp
GB 88.221.135.9:80 r11.i.lencr.org tcp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 88.221.134.137:80 r11.o.lencr.org tcp
US 8.8.8.8:53 css.rbxcdn.com udp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
US 8.8.8.8:53 static.rbxcdn.com udp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 88.221.134.25:443 static.rbxcdn.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
US 8.8.8.8:53 9.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 137.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 27.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 25.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
GB 88.221.134.11:443 tr.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 83.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 10.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 11.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 232.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 190.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
NL 128.116.21.3:443 roblox.com tcp
US 8.8.8.8:53 2.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
GB 88.221.135.232:443 images.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 aws-us-west-2b-lms.rbx.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
US 8.8.8.8:53 aws-eu-central-1a-lms.rbx.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 atl1-128-116-99-3.roblox.com udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
GB 128.116.119.3:443 gold.roblox.com tcp
GB 128.116.119.3:443 gold.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 143.204.67.183:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 66.128.93.54.in-addr.arpa udp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.99.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.101.116.128.in-addr.arpa udp
US 8.8.8.8:53 7.128.33.52.in-addr.arpa udp
US 8.8.8.8:53 3.50.116.128.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 158.85.192.52.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 183.67.204.143.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 88.221.135.33:443 www.bing.com tcp
GB 88.221.135.33:443 www.bing.com tcp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 253.15.104.51.in-addr.arpa udp

Files

memory/1512-0-0x000001666F120000-0x000001666F130000-memory.dmp

memory/1512-17-0x000001666F230000-0x000001666F240000-memory.dmp

memory/1512-35-0x000001666C6D0000-0x000001666C6D2000-memory.dmp

memory/1868-44-0x000001E843300000-0x000001E843400000-memory.dmp

memory/1868-45-0x000001E843300000-0x000001E843400000-memory.dmp

memory/3076-66-0x000002DD938C0000-0x000002DD939C0000-memory.dmp

memory/3076-73-0x000002DDA40D0000-0x000002DDA40D2000-memory.dmp

memory/3076-71-0x000002DDA40B0000-0x000002DDA40B2000-memory.dmp

memory/3076-69-0x000002DDA4090000-0x000002DDA4092000-memory.dmp

memory/3076-306-0x000002DDA68F0000-0x000002DDA68F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3CZM6J9Q\api[2].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

memory/3076-311-0x000002DDA6E50000-0x000002DDA6E52000-memory.dmp

memory/3076-308-0x000002DDA6E10000-0x000002DDA6E12000-memory.dmp

memory/3076-353-0x000002DD938C0000-0x000002DD939C0000-memory.dmp

memory/3076-390-0x000002DDA5C00000-0x000002DDA5C20000-memory.dmp

memory/3076-429-0x000002DDA6020000-0x000002DDA6040000-memory.dmp

memory/3076-430-0x000002DDA7A10000-0x000002DDA7A30000-memory.dmp

memory/3076-445-0x000002DDA6E20000-0x000002DDA6E22000-memory.dmp

memory/3076-447-0x000002DDA7600000-0x000002DDA7602000-memory.dmp

memory/3076-505-0x000002DDA7AA0000-0x000002DDA7AA2000-memory.dmp

memory/3076-539-0x000002DDA7C30000-0x000002DDA7C50000-memory.dmp

memory/3076-562-0x000002DDA9460000-0x000002DDA9462000-memory.dmp

memory/3076-560-0x000002DDA90F0000-0x000002DDA90F2000-memory.dmp

memory/3076-558-0x000002DDA8D90000-0x000002DDA8D92000-memory.dmp

memory/3076-556-0x000002DDA6DF0000-0x000002DDA6DF2000-memory.dmp

memory/3076-554-0x000002DDA6DD0000-0x000002DDA6DD2000-memory.dmp

memory/3076-564-0x000002DDA4200000-0x000002DDA4202000-memory.dmp

memory/3076-584-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

memory/3076-583-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

memory/3076-582-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

memory/3076-581-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

memory/3076-580-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

memory/3076-594-0x000002DDA4030000-0x000002DDA4040000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XKAIF41C\www.roblox.com[1].xml

MD5 7c72ca296772f1810caedf8da52de1a1
SHA1 a3a13ad9b731460a504dc5d89174e8f7f635251d
SHA256 650f4de541e3945a55d390827cfe7a08a50658b861a6e9a32419e4ae7ebe9edb
SHA512 8eb2708da7195f0eb8c64ea200180660172c2750e94e894f4a736d8b0bb0fee61299d07a1ee4c2a0bb334dd2874f9169dcd5b04446f0699640a591545885652f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XKAIF41C\www.roblox.com[1].xml

MD5 11d1c82f04b8a96bded3624931cf7d6b
SHA1 1a0e01d2f6316622664fceca42174af4841f8800
SHA256 4e629f077bdd432ced586fd468bf6637fb01cc8f95c1b787c0960a9c9ecc2fe4
SHA512 1be8b683eb193d45efb10ae92bc642a13fec5a011afa4286787e9108fc8a497cfe99133a91d26e9a80f3ee145f214ec57d43eda1108c705652bfc53d222f1e1e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XKAIF41C\www.roblox.com[1].xml

MD5 ebbd9fdc67e9aec54c3b5351587de8e2
SHA1 097063c232d5faaf898981601e68b613df574a3c
SHA256 bb5b5a0acc14e6a96032d991c7583354d39673b5cd9b3fa9e89803c48bc6f719
SHA512 77905f1ad8794bc089aed995f2a1f2a7188ac4ac8d072c1379028e569853c68f6e10f29feb8062c6a82d48986adadbdb8b90d3f33ba14035a391c3c204b92845

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\js[1].js

MD5 cf1330645cab6b67524c8763b45f0714
SHA1 87627e5cbcf23ae154c832f7e51387ea63198ba2
SHA256 a6c0c46ed897b1775b14c0bc6a7f2c7d55ccc791c8ef07c244e849460ac14912
SHA512 2932519a74e4986a9a507242d3dcfd04db0e4ffda455aec4b8ae8e53c926ca31ae3a97d17ffc103b6b6abe1db09d807ba57f43ebfc9a11a77f3fe9a445678dfd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DV63NOGG\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I3ITYWGW\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

win10v2004-20240802-en

Max time kernel

1681s

Max time network

1689s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2492 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 3012 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 1276 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2492 wrote to memory of 4632 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebbe046f8,0x7ffebbe04708,0x7ffebbe04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5362162860775512993,6460646407419584186,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 88.221.135.3:80 r11.i.lencr.org tcp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 3.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 88.221.134.83:443 js.rbxcdn.com tcp
GB 18.244.155.18:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.18:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 209.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 27.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 83.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 18.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.134.48:443 tr.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 81.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 fra4-128-116-44-3.roblox.com udp
US 8.8.8.8:53 aws-us-east-1b-lms.rbx.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 aws-ap-east-1b-lms.rbx.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 roblox-poc.global.ssl.fastly.net udp
US 8.8.8.8:53 c0ak.rbxcdn.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 aws-us-east-2a-lms.rbx.com udp
US 100.24.195.22:443 aws-us-east-1b-lms.rbx.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 3.142.117.114:443 aws-us-east-2a-lms.rbx.com tcp
US 151.101.65.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
GB 88.221.135.82:443 c0ak.rbxcdn.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
HK 16.163.186.39:443 aws-ap-east-1b-lms.rbx.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
HK 16.163.186.39:443 aws-ap-east-1b-lms.rbx.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 82.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.44.116.128.in-addr.arpa udp
US 8.8.8.8:53 194.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 22.195.24.100.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 114.117.142.3.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 39.186.163.16.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 123.10.44.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84f5b21b3ec4c04009fe31987474095a
SHA1 5b56c73aad34f8875090bfff91e05cdd8e59a5c2
SHA256 eb3ce02bff4f833492016bd7344e50c6efe5a035d06ad785a3f8abde1b05f408
SHA512 4e9c403d05417787f95af7453ea03934ba1017344a54447f7a5371b4635650f6e9c04b2dbee1fe7928fe8522a4e7d4d8b8234ab571cc183add9df65c3b172f25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ca2cae4d2435ac77fd9364bfdc00573e
SHA1 06fabd959483ff9e84581a4b633f0df32954894a
SHA256 fa090a12eac974171fa08e785f4a613337d2914f37795ac294dfd7c7612a41c4
SHA512 aa1d27c9ef7ea1cd16e0d887cdbda21059ba97b295cc465b8b54eafabeec50103bf8f5c4504d254e42ed4e821dc10916d6b2f6aca43b60b94fe149cc56633b60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 839776616ed76cd6bd78e700b127736a
SHA1 9f4666a11893c32b854239b8e861d9e03d43e3c7
SHA256 34c3ce259aa501ba6af5f3f639743410bcc9b2bd837cc27b258f45dee8d0ab0e
SHA512 04b8cbd1466acf295e56ce9c8d6c11a46398a809fdbb6c3cc8071262ba6b37f2d8e115cc2e562f16e8abb9b0dd86f3b1ba0f9f92d654dbec8ca6f7e41b521554

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc944a9d3db7510d9349a45001012d11
SHA1 15495d5aab21684fb15d488011e9d74b4f8f40d8
SHA256 a1bbf0c8504d3f7a6d143688a5793f49d6bd484cb032053cd2ee602308ddf4b6
SHA512 03e8bf61e517144c79a918120702bea498667716697578f7e3416b7b515ab375e8785f01811836f2eec750774657d721142515e9b0e9ef36db453c9e90707436

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580a0d.TMP

MD5 a07bc2218e10224d318f7cd774f13bb4
SHA1 62a72d5ccdef764b71a9188028e923ccccda4969
SHA256 587067b45938db621a2a77513c3b18169c90868ed4a6b17ec18aa6002cbc1dc1
SHA512 1b5dc615260248ca8f4b9043820d2dd2a323b991ca309895c21d3492aa466dad920ea330b71fbe6dd5e166ff121541a91a720d44c5978e342afba7a02f7a60d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2fb9a7bdd14495421019030894d2dbfd
SHA1 e8da4b3fe4ceac95b32fd762c82d8960a769f532
SHA256 f8c29343ead6d93847fc7ce89cf98682096652e4228c7c914b298b770ce2d992
SHA512 043c94ed29f7bba2c0779e8258a264b91aacc5b28375be3b73968d6ec0dd52c8d36583ba4dc08a0614a7c2c72594ccb28938ef2e5b49fa0ff6cf5a4fe7b51ec6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da095318fc28fbd2c8afa9922528a85f
SHA1 c06c5c0582b60423aaee7f643e072dcdd1405a51
SHA256 bd40c5e049af524007c495191a0f7f3963ba75ed85bb75b54072c0a04efb485d
SHA512 060bf1c4d989ecee201c5a65399039cd00ba0737a44e526f6d26fbb37ab457e51db0c125746ff01c7635f36e6c52a63ea4718aff42b6c820e8aea2a05eb72c4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8cf5730b629fa92710a042335c80b271
SHA1 a2ddcee2e875d3da28d6f4b29e60632fe5e2c6d9
SHA256 a98329b4a34f6b31a329f203368cc94d199968ad7c61b6dc9f7b8d5bee028e94
SHA512 0f34f34b241e8a201986a1a71ada32445dc131a77db831138f7e782c8a7230a72046407fa9f95147cede984a5c905ae945152843498b4ba8d910cc4d3bb66821

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 23ebbee394618044823e792b516444bf
SHA1 e049090c5b1e5d1b7ee1528a58c6ea47c9499a7e
SHA256 66449df3165740790268ce3acc13ff90dc7948c12211b267c50fd7ddc645c894
SHA512 d25595783774af6879169e1f0ce6336c1cc27a482408f8a7ac57f0e11d4c2657a205adea71a86d72601255634413a2ea3d86cdeab948a5ee95248fe1cb45acea

Analysis: behavioral6

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

android-x64-arm64-20240624-en

Max time kernel

1785s

Max time network

1792s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.206:443 android.apis.google.com tcp
GB 216.58.212.206:443 android.apis.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.roblox.com.bi udp
GB 173.194.76.84:443 accounts.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 2.18.66.176:80 r11.i.lencr.org tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 css.rbxcdn.com udp
US 1.1.1.1:53 static.rbxcdn.com udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 104.86.110.154:443 static.rbxcdn.com tcp
GB 104.86.110.154:443 static.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
NL 128.116.21.3:443 roblox.com tcp
GB 92.123.140.8:443 tr.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 205.234.175.102:443 images.rbxcdn.com tcp
US 205.234.175.102:443 images.rbxcdn.com tcp
US 205.234.175.102:443 images.rbxcdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.212.238:443 clients1.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 syd1-128-116-51-3.roblox.com udp
US 1.1.1.1:53 aws-us-east-1b-lms.rbx.com udp
US 1.1.1.1:53 silver.roblox.com udp
US 1.1.1.1:53 mia4-128-116-45-3.roblox.com udp
US 1.1.1.1:53 pulsar.roblox.com udp
US 1.1.1.1:53 ord2-128-116-101-3.roblox.com udp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 1.1.1.1:53 fra2-128-116-123-3.roblox.com udp
US 100.24.195.22:443 aws-us-east-1b-lms.rbx.com tcp
US 1.1.1.1:53 iad4-128-116-102-3.roblox.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 1.1.1.1:53 aws-us-east-2a-lms.rbx.com udp
US 128.116.121.3:443 pulsar.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 3.142.117.114:443 aws-us-east-2a-lms.rbx.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 216.58.204.66:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 216.58.201.97:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 redirector.gvt1.com udp
GB 216.58.201.110:443 redirector.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrnse.gvt1.com udp
GB 74.125.168.200:443 r3---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.200:443 r3---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r4---sn-aigzrn7z.gvt1.com udp
GB 173.194.135.105:443 r4---sn-aigzrn7z.gvt1.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r5---sn-aigzrnsl.gvt1.com udp
GB 74.125.168.234:443 r5---sn-aigzrnsl.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.202:443 r5---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnss.gvt1.com udp
GB 74.125.175.10:443 r5---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnse.gvt1.com udp
GB 74.125.168.198:443 r1---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnss.gvt1.com udp
GB 74.125.175.6:443 r1---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r2---sn-aigzrn7d.gvt1.com udp
GB 173.194.138.199:443 r2---sn-aigzrn7d.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7e.gvt1.com udp
GB 173.194.5.42:443 r5---sn-aigzrn7e.gvt1.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.227:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.58.204.66:443 ep1.adtrafficquality.google tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.201.110:443 android.apis.google.com tcp
GB 173.194.76.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp

Files

files/dom-0.html

MD5 df33dac127f978c5379bfbe0e911418d
SHA1 e4af8dde4d531b2254209f4e3349d089c5264760
SHA256 54c16305b616b6bf86d147aa20ad1e562b6ff3e7e675e76f2781ab1a21845828
SHA512 2d9c95159ac0ddff1055c2b6085740bcf43ab4a9ccb121c862326739d7cbebb4d16b4029bbbaeeb816c35feb5bd58f414266433af1b5c17b36858cb80eb6f41a

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

win11-20240802-en

Max time kernel

1680s

Max time network

1686s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2184 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 428 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 2364 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2184 wrote to memory of 392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd24c53cb8,0x7ffd24c53cc8,0x7ffd24c53cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3782737114608948899,13541645891632580132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4660 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 88.221.135.3:80 r11.i.lencr.org tcp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 3.135.221.88.in-addr.arpa udp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 88.221.134.145:443 js.rbxcdn.com tcp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 88.221.134.48:443 tr.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 nrt1-128-116-120-3.roblox.com udp
US 8.8.8.8:53 ams2-128-116-21-3.roblox.com udp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
DE 3.67.217.66:443 aws-eu-central-1c-lms.rbx.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
DE 3.67.217.66:443 aws-eu-central-1c-lms.rbx.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
GB 18.169.126.21:443 aws-eu-west-2b-lms.rbx.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
GB 128.116.119.4:443 ncs.roblox.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c4a10f6df4922438ca68ada540730100
SHA1 4c7bfbe3e2358a28bf5b024c4be485fa6773629e
SHA256 f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02
SHA512 b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

\??\pipe\LOCAL\crashpad_2184_CAVLSOTMUTUCXXLL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c3889d3f0d2246f800c495aec7c3f7c
SHA1 dd38e6bf74617bfcf9d6cceff2f746a094114220
SHA256 0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4
SHA512 2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5cf47e6cd634618889d8e2eec37aa53d
SHA1 dceed36b8d5e1821626e53510a6b82faed12e9de
SHA256 347ef83a8e5847a062d8d77cf6a03da2c6d537f8840e319327cc4252f9bcef18
SHA512 3ef408da5b143dcbfe7cb3e5a9132bc0100ceeb466b13995fb9d656ea6c64d9c7f6237d8a9589882d6102fcc4cabd950935282ac4625fda1e5f9db1b658a9191

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 de328bdc48db81050c38d3148f682f5f
SHA1 31d6decb613cee6fab059bfc5f669d420dae8679
SHA256 ebb15fdba905eb7a3c821b8c1c2290c48471531a5aac21ae3c87c34bed3029eb
SHA512 c7c939706d1f6a0285a6cee833bfc48064fa01f92babcb9aaeab5e21976558823108edccfe7a223e3f54ff466924d226f0402d4cdb45e4f181260c420a52285b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ec1d38756badaa358ef27609eec9a03
SHA1 76f31bbcebaf72756384ee35d95375adfb112f2e
SHA256 cddabb1c292dd57bf046972e9771cd75ed404e037e9bc9ddf757abc15db7fa83
SHA512 566da79ee1682daae74fa1ae28fcc6f792dbf57049baba5864c91f1c338b9d94280e1bd768a8fc97aac87aa533252281e310356943e22ecb42a05afc75e5c2a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bbaf.TMP

MD5 9a08eb3db41093245e8adfe8cecd5303
SHA1 683b7f2a5773ed8bca5c5a0273e1e53195c38450
SHA256 30266a448cf219b46a15192245fc8ddb7b20b47d866907cec2fc6890f712e37c
SHA512 36e376f9fe965fcb4858a36ee873b867422c7a448fa247a149559b963206362b6f8ade190b3e740170c291d4ac7df21226b422de04232d7ea659c23970ea2757

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57804e7faecff1e148e88ce644c777a2
SHA1 b2152cd9d368000c4e790df3eb5b1b8893998980
SHA256 80934e28b3a3bf35a8036dce11b36c0235b83a5eda37801bc3b5a6b716b9716b
SHA512 f88099b78cedce387c02976f3935397f257098d8754de1bd415cd0b5d848beeb830370561560b247de23a5ecc2b417efcf898c42cc78803f1e64d50541da00d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 271fe806f26f34a38b8f7474b6b8aa39
SHA1 7d04baeb0f9be9256d6f520e08e751d357c99ef1
SHA256 8d40ecf4bc19569e5760ad085f8b9270f73ae70b5f77ca41691c2939693edc73
SHA512 37330bda9a9f0f93cae0f81be03d3bae757f27815b1687be9c143e88a09c334462ec3d9477a35d8b70cc072ad3c830e7325b0e54dd5766310b99df411295619f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8fdbc31390705cf896351bf8dc8700cb
SHA1 8dc17a7660a735be6cf93bac78bd15d8d27fa3ed
SHA256 a5b74a208d0e6964687e0f2827bb6bef2f0ac4509267cc259e0bd42a676fa6b9
SHA512 17bac18495279b818fbd18f07731da376e3958b6ab32bfae8f7a6bb564d484ab5debb27e108d8a8737f37f4320ea1c30a648155882f731f980379b32ca6032cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d356176198b22ed2a5a3888f1b66965c
SHA1 f3d9a26546a01960404d68f073a42a0e6447f41a
SHA256 afb7b788d37e18ccae8683fcbc0a2a33633d209bfa63a53cc715330fcbac8537
SHA512 f0639dc43daacd9af6c4214eb0c1d6e8e47a423b064a2138376eefde9bee4cc58a221d34790941d500c42014ba9b248828055bff803ee10f92dc266b395ee78d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 48d866cbbcb7547966eb144a4800179b
SHA1 beda9849d1bf43dde81aa87b4ddf7888559cfb68
SHA256 9312992fc31184ceb341146231ad721c822a1a95b0539127b7b0cd0ed4d13931
SHA512 129a86a2e7ceed89027a2878372530fb4a7fff157047d8796957f1e2721a37786f14ebc6895c0c0acdb7cae8a7c1134e4b48df8c68f8fb7185074ada79639085

Analysis: behavioral5

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

android-x64-20240624-en

Max time kernel

1656s

Max time network

1789s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
GB 64.233.167.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 2.18.66.176:80 r11.i.lencr.org tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
US 1.1.1.1:53 static.rbxcdn.com udp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 92.123.140.8:443 tr.rbxcdn.com tcp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 205.234.175.102:443 images.rbxcdn.com tcp
US 205.234.175.102:443 images.rbxcdn.com tcp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 1.1.1.1:53 clients1.google.com udp
GB 172.217.16.238:443 clients1.google.com tcp
US 1.1.1.1:53 c0ak.rbxcdn.com udp
US 1.1.1.1:53 gold.roblox.com udp
GB 104.86.110.186:443 c0ak.rbxcdn.com tcp
FR 128.116.122.3:443 gold.roblox.com tcp
US 1.1.1.1:53 fra4-128-116-44-3.roblox.com udp
US 1.1.1.1:53 fra2-128-116-123-3.roblox.com udp
US 1.1.1.1:53 c0.rbxcdn.com udp
US 1.1.1.1:53 cdg1-128-116-122-3.roblox.com udp
US 1.1.1.1:53 aws-us-west-1c-lms.rbx.com udp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
US 1.1.1.1:53 lga2-128-116-32-3.roblox.com udp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
US 1.1.1.1:53 c0aws.rbxcdn.com udp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
GB 108.156.46.127:443 c0aws.rbxcdn.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 13.57.45.211:443 aws-us-west-1c-lms.rbx.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
GB 108.156.46.127:443 c0aws.rbxcdn.com tcp
US 13.57.45.211:443 aws-us-west-1c-lms.rbx.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 172.217.169.1:443 tpc.googlesyndication.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
GB 216.58.201.106:443 tcp
GB 216.58.204.67:443 tcp
GB 216.58.204.66:443 tcp
GB 216.58.204.67:443 tcp
GB 216.58.204.67:443 tcp
GB 172.217.16.238:443 android.apis.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.213.14:443 android.apis.google.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
BE 74.125.71.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com tcp

Files

files/dom-0.html

MD5 26e1391ad14e0ec0839c102b9d521a47
SHA1 f82c3c243d42c8df77ba3e388febe918f0a60250
SHA256 0e4225e833ea7075f9ef10e2954eec7675f490ed30b0c7a2e547979a49513d94
SHA512 7b270956a20ab0321b56eeaa411dfb94a3bc3cb55e9bac604a2865bba51719f2546d6bb3ce0b289f5834105cd5dfa126208f9aacfabe6a506a14a5ef173172f9

Analysis: behavioral7

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

android-33-x64-arm64-20240624-en

Max time kernel

1796s

Max time network

1808s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 udp
GB 142.250.200.36:443 tcp
N/A 224.0.0.251:5353 udp
US 172.64.41.3:443 tcp
US 162.159.61.3:443 tcp
US 162.159.61.3:443 tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 2.18.66.176:80 r11.i.lencr.org tcp
US 1.1.1.1:53 accounts.google.com udp
GB 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 www.google.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 88.221.134.27:443 tcp
GB 88.221.134.27:443 tcp
GB 88.221.134.27:443 tcp
GB 88.221.134.27:443 tcp
GB 88.221.134.27:443 tcp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 88.221.134.25:443 tcp
GB 18.245.253.62:443 tcp
GB 18.245.253.62:443 tcp
GB 18.245.253.62:443 tcp
GB 18.245.253.62:443 tcp
GB 18.245.253.62:443 tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.22:443 udp
GB 88.221.134.27:443 css.rbxcdn.com tcp
GB 92.123.143.232:443 tr.rbxcdn.com tcp
GB 88.221.135.232:443 images.rbxcdn.com tcp
GB 88.221.135.232:443 tcp
NL 128.116.21.4:443 roblox.com tcp
GB 88.221.135.232:443 tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 216.58.201.99:443 tcp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 142.250.200.2:443 tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 52.24.157.247:443 aws-us-west-2c-lms.rbx.com tcp
SG 128.116.97.3:443 tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 128.116.102.3:443 tcp
FR 128.116.122.3:443 tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 3.19.113.80:443 tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
JP 128.116.120.3:443 tcp
US 3.19.113.80:443 aws-us-east-2b-lms.rbx.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
GB 142.250.187.225:443 ep2.adtrafficquality.google tcp
GB 172.217.169.33:443 tpc.googlesyndication.com tcp
GB 172.217.169.33:443 udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.200.36:443 tcp
GB 216.58.204.68:443 tcp
GB 216.58.204.68:443 tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 172.217.16.228:443 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 172.217.16.228:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 172.217.16.228:443 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 172.217.16.228:443 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.180.2:443 tcp
GB 216.58.204.78:443 tcp
GB 142.250.180.2:443 tcp
GB 142.250.180.2:443 tcp
US 216.239.32.36:443 tcp
GB 216.58.213.6:443 tcp
GB 172.217.16.226:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 142.250.179.225:443 tcp
GB 216.58.201.99:443 tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.178.4:443 udp
GB 142.250.178.4:443 udp
GB 142.250.178.4:443 udp
GB 142.250.178.4:443 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.178.14:443 tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.180.4:443 udp
GB 142.250.180.4:443 udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.187.196:443 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.187.196:443 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.179.228:443 www.google.com udp

Files

files/dom-0.html

MD5 1bce1daaced700b5857565c4bc90c460
SHA1 26621cff968075f7644f6f62891891272cb2133e
SHA256 ff53f36d8ce4a0d152deb5a7712f2b38c2bc6da3e8fd9497e33f675a734c3095
SHA512 2ca74c58d9b3a1240bc1c67cdfc04649335639b8bf8b1e7b61ce898782c20d386a9e250f09b4103e116393b2656e78cb1fb7fd17cad360749b36829d94d924dc

Analysis: behavioral8

Detonation Overview

Submitted

2024-09-02 05:45

Reported

2024-09-02 06:15

Platform

android-x86-arm-20240624-en

Max time kernel

1754s

Max time network

1803s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 2.18.66.176:80 r11.i.lencr.org tcp
US 1.1.1.1:53 css.rbxcdn.com udp
US 1.1.1.1:53 static.rbxcdn.com udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 104.86.110.154:443 static.rbxcdn.com tcp
GB 104.86.110.154:443 static.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
US 1.1.1.1:53 js.rbxcdn.com udp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
GB 18.245.253.103:443 js.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 92.123.140.8:443 tr.rbxcdn.com tcp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 52.84.90.101:443 images.rbxcdn.com tcp
GB 52.84.90.101:443 images.rbxcdn.com tcp
GB 52.84.90.101:443 images.rbxcdn.com tcp
GB 52.84.90.101:443 images.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 nrt1-128-116-120-3.roblox.com udp
US 1.1.1.1:53 sin4-128-116-50-3.roblox.com udp
US 1.1.1.1:53 sin2-128-116-97-3.roblox.com udp
US 1.1.1.1:53 fra4-128-116-44-3.roblox.com udp
US 1.1.1.1:53 sea1-128-116-115-3.roblox.com udp
US 1.1.1.1:53 roblox-poc.global.ssl.fastly.net udp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 1.1.1.1:53 syd1-128-116-51-3.roblox.com udp
US 1.1.1.1:53 aws-ap-northeast-1d-lms.rbx.com udp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
US 1.1.1.1:53 lax4-128-116-63-3.roblox.com udp
US 1.1.1.1:53 mia4-128-116-45-3.roblox.com udp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
JP 35.79.105.171:443 aws-ap-northeast-1d-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 128.116.115.3:443 sea1-128-116-115-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
JP 35.79.105.171:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.238:443 android.apis.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.58.204.74:443 tcp
GB 216.58.213.3:80 tcp
GB 172.217.16.228:443 tcp
GB 142.250.179.226:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.178.14:443 tcp
GB 142.250.180.3:443 tcp
GB 142.250.180.3:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
BE 64.233.167.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
GB 142.250.179.238:443 tcp

Files

files/dom-0.html

MD5 60edd4a4fd5460800ce37de303906cd7
SHA1 b0d1227f89156856db064cad16af232432d48b7d
SHA256 24675c866b08bfdad9fa065007354c3ccfbbd1bf5753360ae91ec4d767f8a649
SHA512 160fffa04537ad0b6ec92c9e0cfe402aedfe2eb993e0e07ddddf2a93191348d29302ea97d8e660d27832db6df1efc67592e85d3db6eb1dabb3f406d50d6503b8