Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.
Malicious Activity Summary
Drops file in Windows directory
Resource Forking
System Location Discovery: System Language Discovery
Browser Information Discovery
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Checks CPU information
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: MapViewOfSection
Checks memory information
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-09-02 05:46
Signatures
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
android-x64-20240624-en
Max time kernel
129s
Max time network
156s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | b6a1925e91e9bc7c00ff776988a2c010 |
| SHA1 | 730057436cf99ea8f56ef06df8dc5ad2a36a2e53 |
| SHA256 | 313918b9cf4eb0952cd2313712a3ce4bf16cfb7315298b403c59bdbb850ece4f |
| SHA512 | 0199fb210b268a01bef4383c72011613318f2953641f9239fe3ad0b9fd016ba0305f24ac224722e745ea2b976daf3ac86db19b79e6fa13206a7daf28062e3b47 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
android-33-x64-arm64-20240624-en
Max time kernel
41s
Max time network
133s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
macos-20240711.1-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=... --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=288981705 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=63]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=289039149 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=63]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=294168844 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=294261773 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=66]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=294316865 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=66]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=294342548 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=72]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=93]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=96]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=104]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=109]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=71]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=311622325 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=56]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=328098119 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=119]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=123]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=123]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,26488583075708900,11705620194074023065,131072 --seatbelt-client=122]
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2f5446f8,0x7ffa2f544708,0x7ffa2f544718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,9607062050074801195,16131626332943533576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.134.221.88.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 88.221.134.11:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 13.57.45.211:443 | aws-us-west-1c-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| GB | 88.221.135.203:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 13.57.45.211:443 | aws-us-west-1c-lms.rbx.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| HK | 43.198.67.196:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| HK | 43.198.67.196:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.45.57.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.67.198.43.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_780_SJXMTMJWWCIVXXAY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 18704f4fbff92588afee5a9d452acafe |
| SHA1 | 0bd0176c928735e8206a54f5e45ab90a744d938f |
| SHA256 | 8bcfb090fad85086a3efeef8cfb08a44a8ecc96ae9f46998280d56f6d2a5641a |
| SHA512 | 30af3d87a563e86cdaa6526c8978dbcae6754f1df47ee9dd2cb7757238848532c8173a1420fb00f2a63874abdb53054f61166dc4c9488f0d688314beb77757e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f021f05061d1aa2d6cc44e36dcd03f2a |
| SHA1 | 9b83af9efdb94fb73c5c80f4dbdee01f911026e0 |
| SHA256 | 1c0160e0ec4d3da1d5a67a4e228a032d4f116151ce71cf4a039dcf8c6fd6ed9b |
| SHA512 | 01bc987438e9a12528b84dc1f21b546f22dae972f4f099583240d18b5c5d92c5ac6fca96f84a9c7155506cb4b1dadbadfff33b43dce6eba203ec06f56d3bc2eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 997b74d09010236d85af354d243b1ca0 |
| SHA1 | 2787d37ec0577df82a969a37dd72a49405b42c26 |
| SHA256 | a823dbc1c6da877100699d49e84ef76cd6fc4bbc90afdd5786f83c249b93e5f9 |
| SHA512 | 61f194a3de831c220eb2b8a8922f7d87488de158caa7d7a3df19596dbca1d93b28665ee33ac30f257059969e8d917293f59ea90f406960996e852fe15794db28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f00d.TMP
| MD5 | 6a8d2564685fdc938e68b1084c88a0e6 |
| SHA1 | 689728f05c1a0310a118b7ba4a39271761cb8480 |
| SHA256 | b11c1e658a680b96c5ea9778210522420964527a2c15c15ae0fb90b4ce19a025 |
| SHA512 | efb735c81ffb7156197763a765f7f4a4115eafd61c6ac0b9a68074d64f726882fcfc75114e575e94ab2e2e45e602a418a1a0ad8f417cf4260e6996a14921a684 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98a2f23f6b8e6bd34fd72c8d97e40b52 |
| SHA1 | 5aa70652f5b9a6e1b20f55acb6e63b0eb9a3bccf |
| SHA256 | 0526ba47c216234b39c4dbce4433358552e363d23b950e34beb9d023e56cc1d7 |
| SHA512 | 97fdddf3e17d1bdc2e61b1a6628a28031ad7c6476961ad9fb99fd1e5a6675442b68e9441606f3db888cbf6c0a50724b9600814804ae022eaef5c12641b8d346b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 05416084c14a29b6758b841a832b4b79 |
| SHA1 | 72d7db320a47575d05b6a42bcfc1e2e7d7c1355e |
| SHA256 | 564c6e4ea6dd91b0d368a8f44f1a6d1447b0afad5b29c334bc9050f57ef8b825 |
| SHA512 | c1e9e3acb8cd52d3b8670e159350865fda070b8d7ff99b7f4ce06a296bafcea339c6f80962495bcd4c3e73bc6e3de58dff6d8cf9d87c6fe56f8a983465bde5ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40e8814df7d89b8ee122d53a3eea3d3b |
| SHA1 | 47e877f23595bdb3c7c067d91f02b30fc8f7f471 |
| SHA256 | c149d098d025313c9038f3d47d720fc807387f259eb42a04343c259f29d5e6c8 |
| SHA512 | b2b0ff8ca6b14bd3051911b69e2ca651fdd4342516f62fd5840e653f9835c2407b9dd29a8f9743df203cf3997b9decbea206d9f9e51364fddb9a2b311af79397 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a35bd83667f47cb097321f878954c86 |
| SHA1 | 0239bac3f9473068f83dc1e5d5b8d55a5ebb5cb3 |
| SHA256 | 565bdb8cc2554e13f3ad720bad9b4e456ea96a675d28abf97664e737cf07afde |
| SHA512 | 41e829ddbf22a5ed0fd0d2eac9d3c35dd81614ad9e4040c1613064b786931adf924f9352a67fc79cc67a15d41a56ee3ff4bb63761b24990c62cf445b5a1c03f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1a3d7e56fe0e5b383ce201e8617f5ac |
| SHA1 | 6467d8f2cc12138e029660c9a0cb68fd599499aa |
| SHA256 | 62fb4dc2399b5117bb0af89e0fe9b7c916d3b7eb2058a974206465cf451e30fa |
| SHA512 | e9c3658ba545d89d2f70217040d8a69218826bf76c062b9f7392f28f9fcced8d6c9a16b17e3495636a619b2c1c5ab9151c6aafe0afe3c20d02048f8503db8399 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
win11-20240802-en
Max time kernel
145s
Max time network
142s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81f253cb8,0x7ff81f253cc8,0x7ff81f253cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9220292574421077266,4492845781349079191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2104 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.134.11:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 88.221.134.11:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | aws-ap-northeast-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| JP | 52.199.30.94:443 | aws-ap-northeast-1a-lms.rbx.com | tcp |
| US | 3.23.68.170:443 | aws-us-east-2b-lms.rbx.com | tcp |
| GB | 108.156.46.104:443 | c0aws.rbxcdn.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| JP | 52.199.30.94:443 | aws-ap-northeast-1a-lms.rbx.com | tcp |
| GB | 108.156.46.104:443 | c0aws.rbxcdn.com | tcp |
| US | 3.23.68.170:443 | aws-us-east-2b-lms.rbx.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 94.30.199.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.68.23.3.in-addr.arpa | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
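The Network table above lists the look-alike host www.roblox.com.bi beside the genuine Roblox CDN and API hosts whose content it loads. The Python below is an added triage example, not part of the sandbox report: it parses rows in the report's own column layout, derives each hostname's registrable domain from a short hand-written suffix list (an assumption standing in for the full Public Suffix List; use tldextract or similar in production), and flags hostnames that embed an allowlisted brand domain such as roblox.com under a different registration, which is exactly what the .com.bi registration does here. BRAND_DOMAINS and BRAND_TOKENS are likewise an assumed allowlist, not something the report states.

```python
"""Look-alike hostname triage over a sandbox report's Network table.

Added example, not part of the report. PUBLIC_SUFFIXES is an abbreviated,
hand-written subset of the Public Suffix List covering only suffixes seen in
this report (assumption); BRAND_DOMAINS is the assumed set of Roblox-operated
registrable domains.
"""
from __future__ import annotations

PUBLIC_SUFFIXES = {
    "com", "net", "org", "google", "arpa", "in-addr.arpa",
    "bi", "com.bi", "co.bi", "org.bi",
}
BRAND_DOMAINS = {"roblox.com", "rbxcdn.com", "rbx.com"}
BRAND_TOKENS = {"roblox", "rbx"}

# Rows copied from the report's table; the mDNS row carries no domain.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 3.23.68.170:443 | aws-us-east-2b-lms.rbx.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""


def parse_rows(table: str) -> list[dict]:
    """Turn pipe-delimited rows into dicts; rows without a domain are skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or not cells[2]:
            continue
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower().rstrip("."), "proto": proto})
    return rows


def registrable_domain(host: str) -> str:
    """Longest matching public suffix plus one label (e.g. roblox.com.bi)."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels)


def _contains_run(labels: list[str], needle: list[str]) -> bool:
    n = len(needle)
    return any(labels[i:i + n] == needle for i in range(len(labels) - n + 1))


def lookalike_reason(host: str) -> str | None:
    """Explain why a hostname impersonates a brand, or None if it does not."""
    reg = registrable_domain(host)
    if reg in BRAND_DOMAINS:
        return None  # genuinely under a brand-owned registrable domain
    labels = host.lower().rstrip(".").split(".")
    for brand in sorted(BRAND_DOMAINS):
        # "roblox.com" appearing as consecutive labels of www.roblox.com.bi
        if _contains_run(labels, brand.split(".")):
            return f"embeds {brand} but the registrable domain is {reg}"
    if any(tok in reg for tok in BRAND_TOKENS):
        return f"brand token in unexpected registrable domain {reg}"
    return None


def flag_lookalikes(table: str) -> dict[str, str]:
    """Map each suspicious hostname in the table to the reason it was flagged."""
    flagged = {}
    for row in parse_rows(table):
        reason = lookalike_reason(row["domain"])
        if reason:
            flagged[row["domain"]] = reason
    return flagged


def served_from(table: str, host: str) -> set[str]:
    """IPs that served `host`; resolver rows on port 53 only answered the lookup."""
    return {r["ip"] for r in parse_rows(table)
            if r["domain"] == host.lower() and r["port"] != 53}


if __name__ == "__main__":
    for host, why in flag_lookalikes(SAMPLE_ROWS).items():
        print(f"{host}: {why}; served from {sorted(served_from(SAMPLE_ROWS, host))}")
```

On the embedded rows only www.roblox.com.bi is flagged, with 154.213.192.23 as the host that actually served it; the resolver (8.8.8.8 here) is excluded from that pivot because it only answered the DNS query. Hosts such as roblox-api.arkoselabs.com pass because the brand token sits in a subdomain label, not in the registrable domain, and the brand domain's labels do not occur consecutively.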
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e8115549491cca16e7bfdfec9db7f89a |
| SHA1 | d1eb5c8263cbe146cd88953bb9886c3aeb262742 |
| SHA256 | dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e |
| SHA512 | 851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54 |
\??\pipe\LOCAL\crashpad_3856_ZWASWTQARYQEBUAO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3e2612636cf368bc811fdc8db09e037d |
| SHA1 | d69e34379f97e35083f4c4ea1249e6f1a5f51d56 |
| SHA256 | 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9 |
| SHA512 | b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9e39ccc211e5e83896e2b57706d8829b |
| SHA1 | 5bed5e463f8ef92846d779fedb5e0a5ed1d996d2 |
| SHA256 | 794181eee967e301d481e7fcc260eaaaea0636d9260cbc2903f67ad2a297ba9d |
| SHA512 | e56e04b41bb56a241f38d0cccdd8a24148c54d372508f8444e1ff750b21de42f2e121102878e2ba07d749e4bbff966941af45294cb423c7690c8be3bd4db0f09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eca6bde3ac828a9d780a74cf2105e701 |
| SHA1 | fe0171cc1e44f800fb808380536de5e26f3851bd |
| SHA256 | e14386a29fff71349a11ebd59daef972d85c0346f7e5f9e179859f823329d292 |
| SHA512 | a8213fd7352bcbb5f412951be453fd1fcadcf11f691217c254606cebc06eccc467593691a2cff534d9747291b352aff7dae25a8ac13c5dcf727cf48563892fc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e512a4d90008960074d0961f4fe901f |
| SHA1 | 5b91f5ed6b49a1268f4b445c8d77038f95317c29 |
| SHA256 | b2d5760746a5138348bbc9e60e3f965a76dca7a6d00730fc9d9fd1060569c58a |
| SHA512 | 5e90937abb30484843f46d972b23caaa37307d59e6ddee3facee4bace81af96910505a6a84a4719bc8512228cde8840e75c36a93be4b174dfa0fecfd86f56bbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 463569f33df0b22a1d00cb37239823f7 |
| SHA1 | d40c7940a6cb5c1a7c0fb920c6266f6389984af6 |
| SHA256 | 76a0d4b711a19dc8311ad7324b2dc27e481eeaaaa219315bacfffc9c5aa173ba |
| SHA512 | 7a2217cde94fb62973f8e63585b71b3ecdd7fa9c1bd5d9f1c9003744747c1e43d5a2f15ae5a0bcac3aa7c734848f3a6fd77d272ebba60f08d408f5a33bd14b4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bb02befe07f656f3aa37226c16103bf6 |
| SHA1 | 972febc23669be33c5642d8feb02dc595e1430c4 |
| SHA256 | 3af3fb0277e7724886e3bf032042fa0c03688989a6cd2ef6c446bf39b28a1504 |
| SHA512 | c8619ac29a9e061410925edd03cbb7b2f451e307499017f5950c0f2ddddde3673a441db4ae1679d80a07ca644c2b6029f47682b2088179b4c3cbd6ab2548f569 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fd3c.TMP
| MD5 | 41a840917349776acdf17ba603d41196 |
| SHA1 | b78744f476343a843ff93bf1ba62a1dbb6e3fe76 |
| SHA256 | 17e2c2b8d86e1f5da8c725aa61a53dc386c1cf932cb91d8e3a1f0d33a82b84e7 |
| SHA512 | 8828dd977e02c7c4151544898e531eaf833bc33e8a8984a0240cbc539c63bc3daa6ad15c041ac16d33ffe4209022dbbe2ffdf43394b3773114f65d9d6232f884 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | aaf3a9711c3a096320fc448a4d2abf60 |
| SHA1 | ca75bb525c1566acef77e16d1c7b7f1b6c57fb93 |
| SHA256 | 123074d44bedb2931ac017d197fd9673230cb1941535420148bde87a1998d06e |
| SHA512 | 0cf09cdf72694d742c09dc3e73654facfcd9795d9cb2935ed43f5715ddda4dfd50bb7db77f9efb52854579cddaf29dbea9a286c37ebe3a97f4cf28e80c813033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35945962d3593a66e427ff202f30391e |
| SHA1 | bad68839d06493def1015150e645b1885411fb7a |
| SHA256 | 8a399f32904e3e8675bd257cf5f0ac3f170e5a391a3a90697794131cfe9355c0 |
| SHA512 | 930b62a47757a3ddf3581ac4c04e24d2d78b6389cf0799856af6f49cfaff697a363a923fa76d0d08d7a82008b0540d6ae18d7a7688ecb29414d659f481c093f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2ccefb4d2e18733be0b63ff0088e972a |
| SHA1 | c40ef73c4bc7bd38b3bee6a707358044ecd91b12 |
| SHA256 | eb51bf92d02cc5e5815a9282079246cb61e2eeb9c7377147f61d3879c3d65308 |
| SHA512 | 3afcb6f8a877185933b629775cc7fc485a07873196d1bc6ce9b6ca2f43520bcfbee64b2ac7ee949283acb119c8f19d8ea997b5687bb8156719a1654b50ba2ea9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e95df5a1-9aa3-4a02-9295-854e9bdbff45.tmp
| MD5 | 6fbd0c6f14b1912195a4972e5c0f27f7 |
| SHA1 | aa6a003625a115d1ca4ca35dc70af1734e74e09a |
| SHA256 | c1d8699f9f55789e1a6a3ade134e49b9d581903d35e77dfaea5fbdf7f2958a92 |
| SHA512 | a0088bc58ca3521d243698e008293148418c0b2875a857d0300871b278cfd6cc99723abfe700b52979ad026e068f46ebf2ca0255bbdf11ea559374946db6a957 |
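The Files section above records snapshots rather than unique files: Crashpad\settings.dat appears twice with different digests because Edge rewrote it during the run, and the crashpad named pipe is listed with the well-known digests of zero-byte input (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855), so its captured content was empty. The Python below is an added example, not part of the report: it parses this path-then-digest-rows layout, computes the empty-input digests instead of hard-coding them, and separates empty entries from paths rewritten during detonation. The embedded table is copied from the entries above, trimmed to MD5 and SHA256.

```python
"""Snapshot triage over a sandbox report's Files section.

Added example, not part of the report. SAMPLE_FILES is copied from the
report's entries and trimmed to two digest rows per snapshot.
"""
from __future__ import annotations

import hashlib

SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e8115549491cca16e7bfdfec9db7f89a |
| SHA256 | dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e |
\??\pipe\LOCAL\crashpad_3856_ZWASWTQARYQEBUAO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3e2612636cf368bc811fdc8db09e037d |
| SHA256 | 2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bb02befe07f656f3aa37226c16103bf6 |
| SHA256 | 3af3fb0277e7724886e3bf032042fa0c03688989a6cd2ef6c446bf39b28a1504 |
"""

# Digests of zero bytes, computed so the comparison cannot drift from the
# real values.
EMPTY_DIGESTS = {
    alg: hashlib.new(alg).hexdigest()
    for alg in ("md5", "sha1", "sha256", "sha512")
}


def parse_files(table: str) -> list[tuple[str, dict[str, str]]]:
    """Return (path, {alg: hexdigest}) in report order, one tuple per snapshot."""
    entries: list[tuple[str, dict[str, str]]] = []
    for line in table.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            # "| MD5 | <hex> |" rows belong to the most recent path line.
            alg, value = [c.strip() for c in line.strip("|").split("|")]
            entries[-1][1][alg.lower()] = value.lower()
        else:
            entries.append((line, {}))
    return entries


def empty_content(table: str) -> list[str]:
    """Paths whose every recorded digest equals the digest of empty input."""
    return [path for path, digests in parse_files(table)
            if digests and all(EMPTY_DIGESTS.get(a) == v for a, v in digests.items())]


def rewritten(table: str) -> dict[str, list[str]]:
    """Paths captured more than once with differing SHA256, in snapshot order."""
    seen: dict[str, list[str]] = {}
    for path, digests in parse_files(table):
        seen.setdefault(path, []).append(digests.get("sha256", ""))
    return {p: shas for p, shas in seen.items() if len(set(shas)) > 1}


if __name__ == "__main__":
    for path in empty_content(SAMPLE_FILES):
        print(f"empty content: {path}")
    for path, shas in rewritten(SAMPLE_FILES).items():
        print(f"rewritten {len(shas)}x: {path}")
        for sha in shas:
            print(f"  {sha}")
```

Empty entries are not indicators worth sharing: the empty-input digests match every zero-byte object on every system. The rewritten list is the one to keep, since it shows which profile files the browser touched while the page was open; the final SHA256 of each is the state the profile was left in.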
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
android-x64-arm64-20240624-en
Max time kernel
135s
Max time network
155s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 2.18.66.176:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | static.rbxcdn.com | tcp |
| GB | 2.18.66.234:443 | static.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 52.84.90.101:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.101:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| GB | 92.123.143.232:443 | tr.rbxcdn.com | tcp |
| GB | 52.84.90.101:443 | images.rbxcdn.com | tcp |
| GB | 52.84.90.101:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.200.46:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 1.1.1.1:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 1.1.1.1:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 1.1.1.1:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 1.1.1.1:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 1.1.1.1:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 1.1.1.1:53 | c0aws.rbxcdn.com | udp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 1.1.1.1:53 | c0.rbxcdn.com | udp |
| US | 13.57.45.211:443 | aws-us-west-1c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 1.1.1.1:53 | gold.roblox.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 3.129.93.122:443 | aws-us-east-2c-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 108.156.46.127:443 | c0.rbxcdn.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 108.156.46.116:443 | c0.rbxcdn.com | tcp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.178.1:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.200:443 | r3---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.200:443 | r3---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigzrn7z.gvt1.com | udp |
| GB | 173.194.135.105:443 | r4---sn-aigzrn7z.gvt1.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnsl.gvt1.com | udp |
| GB | 74.125.168.234:443 | r5---sn-aigzrnsl.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.202:443 | r5---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.10:443 | r5---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.198:443 | r1---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnss.gvt1.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 74.125.175.6:443 | r1---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.199:443 | r2---sn-aigzrn7d.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7e.gvt1.com | udp |
| GB | 173.194.5.42:443 | r5---sn-aigzrn7e.gvt1.com | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
Files
files/dom-0.html
| MD5 | b82400e9f8f661172ddcad4dfa39d474 |
| SHA1 | 0ec32c71486374c59e29756a5d29ea33bfb7b939 |
| SHA256 | 92105c8797bf0364447d46bd32fa66e04e3c3d70e276aa377fff869ef9629c1f |
| SHA512 | 66abb6bb7e3f15d64ec0c2a81869028c18e34d5c932ea182be0e6fe579f2bbbec3dcf3a85e54b57599c70fe3fa28e406232cce326cfb84416f691a1ea820f2d6 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
android-x86-arm-20240624-en
Max time kernel
128s
Max time network
141s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 104.86.110.112:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| GB | 104.86.110.154:443 | static.rbxcdn.com | tcp |
| GB | 104.86.110.154:443 | static.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 104.86.110.161:443 | css.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 104.86.110.161:443 | images.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 1.1.1.1:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 1.1.1.1:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 1.1.1.1:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 1.1.1.1:53 | gold.roblox.com | udp |
| US | 1.1.1.1:53 | c0.rbxcdn.com | udp |
| US | 1.1.1.1:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 52.8.219.133:443 | aws-us-west-1c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | silver.roblox.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 1.1.1.1:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 1.1.1.1:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| GB | 108.156.46.103:443 | c0.rbxcdn.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.213.2:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 172.217.169.65:443 | ep2.adtrafficquality.google | tcp |
| GB | 172.217.169.65:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.178.10:443 | | tcp |
Files
files/dom-0.html
| MD5 | ff4207f4e57f6efe8d50544c4a847124 |
| SHA1 | 0ae8560aa602051763d5bea0f2eef3a5c308a6cc |
| SHA256 | c409207b084e9d1f4d6056d3c5ac93c364e067c0aafdce677abe304becb9e10b |
| SHA512 | e5a416fc85ec3b2abcf910dd75cefda81b140c79b94d0b0c3696b88d37ad2e866a71312cb1fa844e26d3ebdabee2bf7e9bea91120352e43274b05bb90791d5e7 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
win7-20240708-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3649001-68EE-11EF-B586-DECC44E0FF92} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000c00afccf4200b33bca669e507d2ec70e4f312178a6da2924690a3437f66ce721000000000e80000000020000200000006fd582393f70fc69118a1636fbf018dd0f83ade50c3a4e734d8af99b3d1f295920000000dc240458ecf897cf298f654fc091a4a6cfefb8483b30034473a59fede99bd3de40000000e9d983435ccb7fd5891440745575446a8bee34fdd5f4cf16f5f37ffa1ed91d7233420f858e36aa580aba6569543c2e2ffec2a8c84f18314ecd5beb73e9e6adf9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10e62b9afbfcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431417857" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2672 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2672 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2672 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2672 wrote to memory of 2696 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
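The four WriteProcessMemory rows above are the IE frame process (PID 2672) writing into the tab process it launched; the child's own command line declares that relationship with SCODEF:2672, which is how IE's Protected Mode frame/tab split normally works, not injection by a foreign binary. The Python triage script below is an added example, not part of the sandbox report. It reproduces the report's two command lines and four events as constructed input, and assumes PID 2696 (the target of every row) is the SCODEF:2672 child, since the report prints no PID beside the command lines. The rogue-writer case in the usage is constructed to show the negative path.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str


# Constructed from this report's Processes and WriteProcessMemory tables.
# The report names PID 2672 as the writer and 2696 as the target; pairing
# 2696 with the SCODEF:2672 child is an assumption (no PID is printed next
# to the command lines).
PROCESSES: List[Proc] = [
    Proc(2672, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile'),
    Proc(2696, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2'),
]

# (writer pid, target pid), one per "PID 2672 wrote to memory of 2696" row.
WPM_EVENTS: List[Tuple[int, int]] = [(2672, 2696)] * 4

# IE starts each tab/content process with "SCODEF:<frame pid> CREDAT:<id>".
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def declared_broker(proc: Proc) -> Optional[int]:
    """PID of the IE frame process that a tab process says it belongs to."""
    m = SCODEF_RE.search(proc.cmdline)
    return int(m.group(1)) if m else None


def is_ie(proc: Proc) -> bool:
    """True for iexplore.exe under either Program Files directory."""
    return proc.image.lower().endswith("\\internet explorer\\iexplore.exe")


def triage_wpm(procs: List[Proc],
               events: List[Tuple[int, int]]) -> List[Tuple[int, int, str]]:
    """Label each WriteProcessMemory event.

    expected-ie-frame-to-tab: writer and target are both iexplore.exe and the
    target's SCODEF names the writer as its frame process.
    investigate: any other writer/target pairing between known processes.
    unknown-process: a PID that is not in the process list at all.
    """
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    verdicts: List[Tuple[int, int, str]] = []
    for writer, target in events:
        w, t = by_pid.get(writer), by_pid.get(target)
        if w is None or t is None:
            verdicts.append((writer, target, "unknown-process"))
        elif is_ie(w) and is_ie(t) and declared_broker(t) == writer:
            verdicts.append((writer, target, "expected-ie-frame-to-tab"))
        else:
            verdicts.append((writer, target, "investigate"))
    return verdicts


if __name__ == "__main__":
    for verdict in triage_wpm(PROCESSES, WPM_EVENTS):
        print(verdict)
    # Constructed negative case: a non-IE binary writing into the tab process.
    rogue = Proc(4000, r"C:\Users\Admin\Downloads\update.exe", "update.exe")
    print(triage_wpm(PROCESSES + [rogue], [(4000, 2696)]))
```

The check deliberately requires the SCODEF value on the target to match the writer's PID rather than just "both images are iexplore.exe": a process that is merely named iexplore.exe, or an IE instance writing into a tab it did not spawn, still lands in the investigate bucket.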
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.3:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.137:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.209:443 | static.rbxcdn.com | tcp |
| GB | 88.221.135.209:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.187.194:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.187.194:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.48:443 | tr.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 88.221.134.146:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
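The network table mixes the lookalike host with legitimate Roblox CDN, Arkose, Google and Microsoft endpoints that the cloned page loads, plus Let's Encrypt (lencr.org) and Google Trust Services (pki.goog) AIA/OCSP fetches made while the browser validated certificates. Pulling IOCs out of it needs two things: reduce each hostname to its registrable domain with a public-suffix table so that roblox.com.bi is not mistaken for roblox.com, and skip the :53 rows because their IP is the resolver (8.8.8.8 here), not the host. The script below is an added Python example, not tooling from the report. Its NETWORK_ROWS are a verbatim subset of the table above; its PUBLIC_SUFFIXES set and KNOWN_GOOD allowlist are assumptions standing in for the real Public Suffix List and an analyst-maintained allowlist.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed input: a subset of this report's Network rows, copied verbatim.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.3:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<country>\w+|N/A)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>udp|tcp)\s*\|"
)

# Assumption: a tiny stand-in for the Public Suffix List (publicsuffix.org).
# "com.bi" must be present; without it roblox.com.bi would reduce to "com.bi"
# and the brand label would be lost.
PUBLIC_SUFFIXES = {"com", "org", "goog", "google", "bi", "com.bi"}

# Assumption: registrable domains the cloned page legitimately loads assets
# from (all taken from this report's table) plus Windows/IE background traffic.
KNOWN_GOOD = {
    "roblox.com", "rbxcdn.com", "arkoselabs.com", "lencr.org", "pki.goog",
    "google-analytics.com", "googlesyndication.com", "adtrafficquality.google",
    "microsoft.com",
}
BRANDS = {"roblox"}


def registrable_domain(host: str) -> str:
    """Return '<label>.<public suffix>' for host using PUBLIC_SUFFIXES."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the left so the longest public suffix wins (com.bi before bi).
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def classify(domain: str) -> str:
    """known-good (allowlisted), brand-lookalike, or unknown."""
    reg = registrable_domain(domain)
    if reg in KNOWN_GOOD:            # allowlist first: roblox-api.arkoselabs.com is fine
        return "known-good"
    if any(b in reg for b in BRANDS):
        return "brand-lookalike"
    return "unknown"


def parse_rows(text: str) -> List[dict]:
    """Parse '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            d = m.groupdict()
            d["port"] = int(d["port"])
            d["domain"] = d["domain"] or None
            rows.append(d)
    return rows


def extract_iocs(rows: List[dict]) -> Dict[str, List[str]]:
    """Lookalike domain -> sorted IPs that were actually connected to."""
    iocs = defaultdict(set)
    for r in rows:
        if not r["domain"] or classify(r["domain"]) != "brand-lookalike":
            continue
        if r["port"] == 53:          # this IP is the DNS resolver, not the host
            continue
        iocs[r["domain"]].add(r["ip"])
    return {d: sorted(ips) for d, ips in iocs.items()}


if __name__ == "__main__":
    parsed = parse_rows(NETWORK_ROWS)
    for row in parsed:
        print(f'{row["domain"]:30} {classify(row["domain"])}')
    print(extract_iocs(parsed))
```

A plain substring test such as `"roblox.com" in host` would have matched www.roblox.com.bi as the real site; the registrable-domain step is what turns the .com.bi trick into a brand-lookalike verdict. Against the full table this yields one host IOC, www.roblox.com.bi at 154.213.192.23:443, with every other endpoint either allowlisted or background browser traffic.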
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 686d766d53db64c9b7d6c896ff82105d |
| SHA1 | a549d9cc41fb3c1bde49a99224aa0566e9cef324 |
| SHA256 | 087709fd1ee7f1d4226ca4b1a5e6c308d8b32545fb23eca8ce59b607dbbb1efb |
| SHA512 | fe4a02b594446d59c78cfb06e723e8e2275bd328547d5b2df545bf73f619b6333005d7cb7f2c685341a025656e50d925bc3e52c6dae1726b2085ace7564e1804 |
C:\Users\Admin\AppData\Local\Temp\Tar79B7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab79B6.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | feee283d87967fecbfae30fa9ff05174 |
| SHA1 | 549f653304c7af1eb9f1c8a438a1927f8426d6f9 |
| SHA256 | d19d120d191342a3a0e845278eb5eb210decae93c611748e59a8f3a09b1f8933 |
| SHA512 | 3ccd8cce37bc3e036f6a44d4b414e29835f4d2db4cfb8a9f9ff49cbc201dadbb85308762720812c7e022d93231ce6a9f64c4e5c981a45c904eac234e122ead7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 263f9f8c189956897d9edda6b7218d0c |
| SHA1 | c81b1a8dac477a8df4af75ec1583d30e64fb3761 |
| SHA256 | f50521af8da3382445131ca029dfb0de49015f541ba38860f86ba5e4cc55fe53 |
| SHA512 | 2bfd26b4d92472ca82db0530f4150f3af5379075c0c362f01508f472e1f6d8ab4d1eb9c5a9580635be7496d9372889328c32dfadeb2eeb0d340b8cb519fa65a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d6a89507764a9ae61dbe321989b38b6 |
| SHA1 | 0f12a1456c84b4cc9568806e731af09148e72acc |
| SHA256 | f6da483eef481b04f3ab560509c4990b943ffab41d8c96b51401f33673bb6b0d |
| SHA512 | 368654394916f00e033fd4c805f72a62923afe385e646c1790ca30d6602749719e1c40a02c864d9164d8a60851a6771fa9215e8e65df23be264dff3ec90d6cb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c7604b37b5fb796e8ecf0ab6a012365 |
| SHA1 | 2e2e586ad4f5d883434032b2f49276ad351762fb |
| SHA256 | 71c1ef93858fae7509145563a9e15487800b09e752817173458bbd5157c099d5 |
| SHA512 | 59543795f8fc1314f584af1ec29769f5ac81d1f498111bff8e9d64478aac0d94a10c613ee1e1d35011876b00b89e6df5361b6786821792e428257b88cc980899 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ddc336e01231f2ac1fa4419b7ea3760 |
| SHA1 | 6ee8d758a227c8c15b6c0fafa2aa67aeb5dafbde |
| SHA256 | ef393ebabb9aaa8e964cc19c53ac4b779aaf9d78c70f2316a83c451082519fb0 |
| SHA512 | ee77ca366d65a9d0795c1939638597b9641ddd5d91e801f44284762912b556a426651cf71eef5db67f214706da345357aee506a8100a8e81d993fd9b2b348b56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 91f3ff31bacc45eab2a71d3a10769e59 |
| SHA1 | 9185211de0c26bf390fa56cb92e64252014eb26b |
| SHA256 | 1f9ec2eec12bfaba1fc97bfc9cdd0e6c0a0158c58bb97b0780c1ca0189316fb3 |
| SHA512 | 3c2765102848f994540989de677c905b29aa23b9b2e9d64ba35812bf02cdfb897f6a4ac6bfd8a97063332d113cc04ff483061cb0e3560282388ae8b81e4b33a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c2062ae4a4b1a15f601ec4b1c54cd02 |
| SHA1 | 19c2002023f430638a9c450805269b3eedd77342 |
| SHA256 | aaef948142758797e047aa32026ba48e8a2af37216fc912dbb4c735fd16698e4 |
| SHA512 | fac95a245a561b7327d738d36245fbc59699e0e3d25cbbb512e9a4ff825659b66f89f0334159e2572ed41755aef835abf731f90e6f8d09019c4c3dbf7f65ba0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a81889bdb14c7187e3857beda0971d3 |
| SHA1 | ece5970456316a01feb88082fe87fb19df60bb14 |
| SHA256 | b73a54a3d84e86092b29ff4615f4618c5bb9815844da4d7d3e4a73649c517074 |
| SHA512 | 4b3d94ebacb5c17289d5b6e3c3ece2889ef397fff668aa726c7f7c01479999001e7884d269bc24b6103c88d722e6d25f81199f825513ed946dff7d2eb6cb83f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9f3e106909e5c1110887867e9746ab2 |
| SHA1 | d8b60ab9a8908855ee0d8052eff428ffd46b735e |
| SHA256 | b64924368f096020b1b0210cd0e47f36900a49676643089f39754c4d444c838a |
| SHA512 | c2fd0cce30db3239e1bc4954cf8ef408b8321a878794d2ca442fb1e00e27ac510828fdab7b679073a033e3c3099b1bdba8b89fd84973cbb1c07317cc2706ffb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eadc046af562cef76dee1853989e111 |
| SHA1 | 7d8c49282f25b2633b572ad5fca12dfad60ed678 |
| SHA256 | ef0ee30d5632a603226bb74e0bb23c8b2d2dd0209b227f4c0c0c86ffe0ac893a |
| SHA512 | 5847114addf13c62751243267aeec00a1b3faab9982bad397069b31506995ab89d85bde69852f5ccd049d99c47f11fc90267ff14457fadecd049205ebee50b6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd45007da0143fb23b3b5d7a654be1c |
| SHA1 | 2a2add6614ded3625fa06615b8921ae0765c9c6f |
| SHA256 | 107d4365b71ec9f6b586f4074041402f24fa2dab3b8ca40af2c695817e16fdf8 |
| SHA512 | 24a3a51dae5d10fca0df12f765e1fafd34ec8b1dfda9575373c14188d8f69d0f74c824a276c187aaede91b41170bc884e1e152f2004eb592c583d7e623dd1f88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7644212d4c004be448925c24350b932e |
| SHA1 | 401946109e523684842475a677e61b56f0e218de |
| SHA256 | 1b0f25df8f99242dbe883a5aaebcdffcd2bbdc221f99c77dc5dfccf95bcc1aff |
| SHA512 | d303a72f070317fcf633583d0b47fff69bdd03dd1853af696ecf6524eef66539ac4927f6f544a58b97e2c095c283c305eeb0a28804c2e93a113c3f5303b1fc26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 166498e6a525fe6efe96aeb23df6a9e3 |
| SHA1 | ce49310cf3b627f37848226f04e86d6d865b1b8e |
| SHA256 | 6e74610ad1428e4ed987920a56461ef2b01fb86bfc23ee10a29a559cc06963ee |
| SHA512 | 14eab40c5fd7326fd489a13bc6f0b6be2aa369c7b1cd2ca9af5eb0992d5643df57f263514b22664111da371ac89b5d73e2268587557d7a8242a3d25fa26b8a8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c7ad0c4819c958b5f3064541722b7f3 |
| SHA1 | a426d61255eb30c68a720a1aeb94dc03bc251485 |
| SHA256 | 1ea6f6e590e840ae304ef4fe52859635e8f7e56fd0a1de7e9fee4e96924372d6 |
| SHA512 | 9dc8f5342a7f0ea65cc8de8db0e27e985ef971a5d18cac6cae97add4a8b650af80d6f8ed3979b05f17bb9633485c0a981e45ed8065a234a047c13544f3e3debc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34a36e98c56532556ca6d2c2cb5a7fb1 |
| SHA1 | 005f0a54d0398b97cdc0c775e53791c8f67e17c5 |
| SHA256 | f53a69b62486a6e753769b675124d72446a37971f83cf3ea095f5e25377a670a |
| SHA512 | c772304f92b00c355d657f7bc9772b18aec801924d76a46dec563b180c2d8436a4aa83eef9647474e3c7f421e39cbf300311ea646ba65d3db1db0654effa3a50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb1223c49e23f408aea7081a7475b918 |
| SHA1 | 8e7be175b58ce59f53466611899bf9bee3c416b6 |
| SHA256 | 9553e3766999a2541bf9d38f2bca0b14fe6de51e0ae30005fd44911acba2a58c |
| SHA512 | 9a3bd3ae1679d84e0faf6abfeeec01ad274a0af5f4c6fa5f868997e5c0835eda702fc875bf3bf600b21b214452e7b3e1ee3b0816ac6e5c0376838307e055b081 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05af5364313ba080ca5db62263fdca0e |
| SHA1 | 1cc8082f98a859b81b8ffd43a5ba700f6be3a3df |
| SHA256 | db83f203d6871b3c0d8270d6b8ac00d0aed6b162c9760bce687abc7625004377 |
| SHA512 | 1f4d25d9d9ab9b8cd929d048934a5d929ca815b8bb25d3de780e6034747efe76cff933a12c6e9638cd6b3c9c57e7381490b82722298516ea3bc08a73b93b5162 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 889c47bd0c2d795112636608f6fe4cd7 |
| SHA1 | 81b2e45fc37c8000eb4133ae27cbb2363c0389a9 |
| SHA256 | 01b1fe6d8b2776551b24dd29b0644fd4c687e355f33a80ea94afad3dc35d9721 |
| SHA512 | 6365d32cbedcbb9d34f6e460a72fff1c1ff05dde8d5d00190383060e03bf8b5959b0097a5daed16ce31073b509c60ac59a6ebe57f6a3d2c2f63e3be51971a50a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c94ea225132a3475adeb9790735b985 |
| SHA1 | aa83c60e175efb21a31a00f4a38860130acf3aec |
| SHA256 | ac19e4068d8fd89f39cdd0bc410b9087a43884a19af3d130086efb9f3a7fbcae |
| SHA512 | 593d3d5ca23a9fc728ea5e9c59c87f0bc54f52ffea679cef8689befd9cd4587ad2e55309c3f97d0a690dbbe53b544f88f7fe14a958758c39a3bb3a0a6d7b83a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7c0c9c82f90b97ca929894516dcd10b |
| SHA1 | d4a0171ef3ea2738f45021562c386b4b95139bd9 |
| SHA256 | 42a1cf57e12c2df012d7d519868702940c553adc3833a3515bba7c15340b125e |
| SHA512 | 1164b4548cbbc355d652826aa71ed9df75c5fd888bcbfcd0f30e6ae23c0eb2c9227620f7647d8330dda2bf98563feca9a2a44e9aea318711dd48e5ae79eccb39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ebc29f666666e1df9456e2ca78cc970 |
| SHA1 | ac89e36969b3582479e4a33b8b2f0ef8234520ef |
| SHA256 | e751251181f82894f72e5282a141f2cc48cc5b2f55de30ec2f793bc892f5b726 |
| SHA512 | f28cfaa1c9110eb03ac69fef43175081c06c8c466489af1e694e95652b176d04d898d7cc492c90f740d0efdd22d489ebbd556251a69e65129d27bb9051df71c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92a1fc93ee44c011e49446730fc777b9 |
| SHA1 | e24a3e7a92542e1790636dcc6514e711bcfbd72c |
| SHA256 | 5a0295555b285e1b7e4e178f9bd41fe5c116da4d716582283916656492b5b859 |
| SHA512 | ce02f340802c6d9e52f4a3de747a5193483e62a52f1c84e66cbc6055e96e9c1cf8e900b6d1ec9f92a881272fccfa78d642e3d1d7aedf27a827e0c9d67aadd20c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38817bcdb17282b7f5abf83aa1d0000f |
| SHA1 | f6c5a60ea9d8e146f2868a7cd1306000832ba6cb |
| SHA256 | 5dbd0cc94d9be5f0ecf01ad368c32cacc92196419dee08f7111d42a36b8940b4 |
| SHA512 | d3e1240d2137b9c0c572ce07a594302947fd835c3e1d9d3aef8fbf7d97db2be35c47377ff141b9f7b5e035ba7d7b88f42399aee97984ad25e014c9cbf2119f9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef79ee7b8bb9cec339c8aaa5f315fa98 |
| SHA1 | 618c6a87b074fbfd7f97ebbc5c66295bcba12ba6 |
| SHA256 | 5326fba155caf08bb7ac67f020d060c1aa23a50b7e5e20fb2d9362791c9d7a85 |
| SHA512 | c4bb7603adfe647ff57915781d2998adc1519a40322205bf69d36668f49803f94c750356d845e7a164337fa1e7dff6a95c5ba228e6e89140891003de76fb904a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4ea94f15a1f6d39d732ecf147269803 |
| SHA1 | 02c1900dbd56e59239ff46a81e93f5535d2d2f69 |
| SHA256 | cc5ce5d01e6f5dd7e27de3fffee4eba05b36219ff5ac5cc0e18013a7b5499162 |
| SHA512 | 8252be8a53fa35507ee9c9b72a0c8ada495f2e53f171f613b84e49fd9ea673a50794c69e439e077657edd645f7b09dc1b670c4ffe417e58eee1196a0659d1908 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 314d447c96a577a18cfdab07e1d6053f |
| SHA1 | bd12698aa1fd97cfb9684b646f0740ce991b4390 |
| SHA256 | 2cfce7b36321ea30d142269ab7ec6e01eeef82a9d1846d77042fb6505ab5fe2c |
| SHA512 | 5007f079c7369f959dffe6d3439769dc33be11e6ee3c7cfc07844fff47b8694a288e77550f20af7c3a7a11f5096b523751e3619988072bfd9b56667afb261325 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a308c3823a4be52fffc4850b2bb19887 |
| SHA1 | 16cf8b84f069c5fcc5c4fe33e8fc90afb4d39d21 |
| SHA256 | f3cb9e7b210e7f9ec96d564a885cc363fbe2249eb99796c6512c70c70581bea5 |
| SHA512 | 2cff28f84277fc80355aad51bcdb5ef3dbe33a59634b19fc55cc8b6d9cb6c0d4605a4f73148dd7fe9c472635c32a8d71e630a64eddb3a5b911bc2dbe3705a0fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e8dd129dd5e66c8ef34059f6b8b4c22 |
| SHA1 | a208f19438afba7db7c54570dbf1b811421de846 |
| SHA256 | e36af58c159820201132977bbceaed6caa3014f9a51185624839cb3829ce7eb8 |
| SHA512 | f4ca16772675e301d6278d829daea5a7d573bb5d4421829ac1aa3438bc7df4e9fab82be7aabdc3ab901d698bb714855220ab01036c4c00c45392237dcf19f26b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c10edd42ca0cfa79807d923f543ffe1 |
| SHA1 | 72590cc662b531a24785fbf27296d7d508cbc4ff |
| SHA256 | 3182787e96ac9170795906145878dc1ee11e53ae6fb65b8893fee8ecf290effb |
| SHA512 | bb400e812e7f0aa5668ec3816f31d4a09f01a6fb7213ba25a747304cff05af8aa21b65aa1666991c04b68b747ea2d8d5806b0ef36f2fbe97819e113f2868e966 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65dbe913ca86308377ab4429800eaad7 |
| SHA1 | 4d7bb065732c43120d3849cc76f565542907bb35 |
| SHA256 | ccca9146c939ee59f6dd58f1d074e5484ab702f32358f0f461a95cd0c3423c50 |
| SHA512 | 481190b0079801b19bf69a74b7725ec9ce211b8ad4bee54a415b9b576e50aa96c4d74ca9a175018a744fd237c2b8866d34630483c12914b39a5d43962cb591ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2084c021dc81025527774f694e04e2af |
| SHA1 | a677f5bb04105f80bca2323cda5a5d45ad06002a |
| SHA256 | a9c223fbf26957fe5388d4f87a5a1008e3643321a0a52c5f25bcdbabba1d460f |
| SHA512 | 71dbc2881d25348fd84a7e3e659e07e9bd9f9039a8bc34d298fb4c2b97c08d26e20a1e8a6c0d326c93f013317e666e7dcef3b79ab9ae7883d4f10ce27f50c659 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77c3294ee11779e3021908859115e422 |
| SHA1 | 66c9b202e9db168a8f928b219a4ad36e6aae2625 |
| SHA256 | aafe9c910adb036d2146ccfc84a2aa567dbd50a0e11a0e7a9ac52880762da3c9 |
| SHA512 | 8627d0b52546e1d3ba3d5478da68b1a57e6f99bcaa9ae8b74410254c46213a83a6b9f051915bcb34d5b0af2e8905123fca6809faf7e0473849d2eefeaffcb728 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 394ccd809eed9d736e7218c4616c884b |
| SHA1 | 2153c4da996bb02393081cfb850ceae1c16af136 |
| SHA256 | 9bd1da0d7c846f7ed3d22ec37daf46de4ae45f0110d2758eb4501210f4025aaf |
| SHA512 | 8abc4e76eee8f42531b942a49f6fdaa67d1fdfbc7047899457a8d73cd02bbb7e7b2326d197c7daf4593aa2f395b0f6126ba7b23aae3e06c79feb4f1b5f933467 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f4028b436b2235220521d43ea947221 |
| SHA1 | e8257d656b913020f51e9242554ec4e115883091 |
| SHA256 | 3729cd1e45d4eeec4c2a48d21eff5fe89c78cdafd7923351307b063833f6f1a5 |
| SHA512 | f242c689b9e21af9518f4c79d764197323d7dd2a0789c21edb9c41d0bc58b76123e263749ef4e6d0661a0a7ae970241254f907b815517bd0e22cd0bd06ca3b53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67a4b78955288739ab70fb72123f8356 |
| SHA1 | db7dc65fb6b458ca1648d2900451e08828ad6514 |
| SHA256 | 6f84332cfbb8b28094643b04aea3bd622f8ff9494301ede99db5baed2648213c |
| SHA512 | e1636099f024f76e36eed5c92ca3eccbb8c82d896f3381e9e471da4aae387f019ca0e6ca6e86844ed9a3982a43dbe503a277d148ce3e53963aa91b037e2a31f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 052267674a8f8344634acd7bb63f6594 |
| SHA1 | 779adc6b6758beb33301e53a7417f2d6e0b1fb69 |
| SHA256 | ca9201d8b4d4e229042e8d3a81551f2c9d33e85db0ad76597cd8a5fc69d179d4 |
| SHA512 | 493a620363fa9caeb989064f10cea548809a4d062ccbc2009192a88357ae9bf7073fee89567b5c5bb04338686d9d27d674fb52feae0825d6c40b52be374e0405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84499ae3ed23b5b6f3300dae859df0d8 |
| SHA1 | 86339a6bac6dcae916dee3e699fa776088469317 |
| SHA256 | 270f74d5b61f16c352cd03b22d8c9455e10be274f469bd229ec49ffc97f51e19 |
| SHA512 | 04c6ee6564e9ff4e3dfba15a941c5c2ac5d2706435c99f657c3925da6b91b1e1cf109c01f3b5dd4d5d746e00d93b03761d6d97ea5750d7edf7618cc2642fed38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 592582c157c5d1013da28f2b666dc77d |
| SHA1 | 3dcfe1b2591e011e59ebbfc9a992a88af4c7b73f |
| SHA256 | 45176ae3e4ba80d6ef0994057c0dfbf15e9d94d16eeb0d00bf485e9c74f91851 |
| SHA512 | dff12616013b02b9f1b970e02805f65ae42acf4144d3b7603e6805a66245ec8182e197278374a1ebfe1e6f779fcac350e49f3a1c27565dd7f7c6a74c7b4ed32d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b4650d974009f5f301e22ffda2e13cb |
| SHA1 | 4e5a0a27f2ee31fc4be3993b44a1dd20817871fc |
| SHA256 | d2d9e5612743b0329bb3a2bbe02f607fe3fac359fddfd51c9312a2aa6ff5e989 |
| SHA512 | 0626cad1c4b17ef35e93dba03b4771a70fd95ad7e03331c5a55ccccd13340e1aeea7a76440470aa920d032bf455a332338d8f1c535cc71ce8e577c10fa193c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1114b73ba055668a73265206d65c3a57 |
| SHA1 | 4124159d76bc634604decf85b4d7e2d599a1063b |
| SHA256 | 730e527b7d6997de0fba55dba96dbf5bafb31ef28eaf9a66bc68f5fbbb9dc7f3 |
| SHA512 | 6b8c527b488ee0748dfc3f913ca895c55c81c2ccb088b7e6f3599dcba9fdbc154c7818416eac2c170db344ae42590c3fadd49d4de148c21a71edcf66eae2cb82 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a62568d22631b8d3f405ad2b86b1c1f |
| SHA1 | d0ae1fff2a5fb1c1bbed96e45f6944e9e4dfaeb3 |
| SHA256 | fa50940dc7c33b27cc975514e9d9d8f4ad3442c2a9eaff0efe8f9d08c310cf4b |
| SHA512 | cf3eb533c61270a65596615658cdc91ecc1b00cd497ce90afe18b3acf802dada2b6e70d9028224fd733228723f268f86720c5afacf5ec11a41b46d8df21f88ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 908bc9890c27577f62f0189cd2cf3ff4 |
| SHA1 | 3d8da36db1dc53e8a9bb1053f2f931259ae43131 |
| SHA256 | cd9d88cf071457bf8c337fc36b64c31dcbae1fdb1c1d45806118d30e6f4b72ce |
| SHA512 | 8427746101c1415c1bf85854d27c36d501e4b24565e64c033189d849d2f6b80e34bf5703f1ea4e6ebf2450a6262519214580994f3c3249e7ce372657bbfa1eea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0d8d9ca90a47cb03488fc1e7b098a4d |
| SHA1 | 1323037675c4b91b5ce75af4d8800e7059284b91 |
| SHA256 | f91fd1d23dd8e6e38db2541a6ef3adc0def857abee6a97a2219c6682d7aadaed |
| SHA512 | 32f023d705757c206d309ca4da52cd2d9137e7c52c495a30761985cc30361348f5493313c9ef3820668509e6582e060827dc0ab825c15f15ade36627a93ff84a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 663bb75ec3b1b528281061ebedcf1716 |
| SHA1 | 93b027353550c7067040c6baa80bb107a950d14b |
| SHA256 | 688c81f4073536b12a7a0ddad5d2f8d47ca8e6acf4124f1aee653e108ab4854b |
| SHA512 | 356269244096981cf473738d0da29c6533cd23af1ee8f242edd05a50f1cdbd8374eb8a6eec608d5263640dbf3f632ee99c24852bee349d7967bbd100ae857f9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa90ec6740c144cabe41f58f21463b2d |
| SHA1 | c3974a6bdaeb0e3e084a4ffc848ac55743efcfcc |
| SHA256 | 4aed4005bbaa6b250cc729c0034d31ac873052010fb80c25a470954f2561a826 |
| SHA512 | f5d1cc9e19f3290e9d77eed6adc0dce6a692786272b34e53650d43dddf85eba08cd05630b386d37e691c644b573e0701ec322cab8990fde94e6728d7eec03678 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c9621793e9b51a8d6f4761648dee90a |
| SHA1 | 2e9a3e7857994bf763c1eee03405a09f9dd54842 |
| SHA256 | 3f7a670fb4ef2084f51cfaf0d32dfe00d5391b4b08c7665cf7d61f6bd3009b09 |
| SHA512 | c06154982c7512ae0a8f30c751f5a620848534176c81aded64a52c3e65b5e40c1a42407a076db708f2f594bd1c756724788650d63d71e9d2a6cfd91aab9f2539 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 281cd1f7148ee9545bea374a1a0c8840 |
| SHA1 | a5ff1287c73ca171d54a426e60c2f15a0fa626ee |
| SHA256 | 3bfa078bd714730a273221abbf63d78ab87d5e01d01406c493707ca0f43c4aee |
| SHA512 | 0244362927cf2b830f99491bff26ff6eea4b429d86836cfddf8684e5b882e716e074743dd28d86621912abd12470aea79217aabd11d172ca7232f3ddac7211cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a879f466e054a4e6640e38fcd17b5d1 |
| SHA1 | d6c7b655fd63a164c47592460dc45b0c1f39cc5c |
| SHA256 | 6f32ecaba74333a533a28e648f233821b53193c2e5b977968b6eafe9e623a0cf |
| SHA512 | 3893ca7f51672292d942cac32f9ed8e592ec1c2eeffbacca996f6abe984394b2f81a7775eb9ba53918f7396494d820fa6894b86bf8cb8a7542b3c94443261335 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8952f9a2d72ad6045f116912a29aeab4 |
| SHA1 | 57c866c89974c78a5531a3aae30de2371155b460 |
| SHA256 | 80d1799524105f2aa4b798dfe5c20645532c2d8dff02c24af4c865ca2f6896b9 |
| SHA512 | c9569e27aa18655d192c7eaa783e69d4e5a85831ef0dff9c41db5a60ef7d84f9c4a0b26b47f4e76a737f66fb26cbbd5c9bc508768610f5ac95a6c7bffce4d62c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 712fcb6d048d71e7969a22344c871f97 |
| SHA1 | ac375f0d84c7faa0fb3c161a2cb7ef9ff816db82 |
| SHA256 | c8ad3bddab81fdb49befcf17a73fe1c49c4d13d4f8b38e9863f2ca90e2c4d11b |
| SHA512 | a974d6a66ddc2a36e901ef383aadab6484de4f181a32b6fa806b18c10cd0e06ef1989b25d2feaf0ff505a2c1977a56f772854ffba72d5f7b1ead47bfb9412f29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64542c60d03dcb0ad9ee2ca4bbd0914e |
| SHA1 | 7b281d2a00810fb3beb26e2278a92471e39bc9e0 |
| SHA256 | 4f46e8fbf1118ab6e85e53e6763fe12c3c2bdaf4109b77e12c8749c3e3e2f95c |
| SHA512 | e29b56a8b4dbe5d237f977d40d249e704579155061bdde2de6d70858415193f96afe097afd2202e6e285ddbb5651cef990060495188476b746fa365420a69a38 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72e6f292a6877e0e817d9270fa4d5f0b |
| SHA1 | 43d81333e4b59cc1bdb8478c253c4db2d0e5551e |
| SHA256 | 8ea382050902236a1b0d2e27a68675bbfd945de82fdfe1083537550136647c63 |
| SHA512 | ef93662a3f9ce8c25655a5550cf4d136e349542e6a4da0d52fd0c19ba8d5bb78f7179909306366077d4a43c49df28ce550c90849e773149cb88bcec3f24ac166 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c063702e59553f72bb379327ff8df04f |
| SHA1 | c002b0c92cfca26c82157b246126cf5c9a19a7dc |
| SHA256 | 554c4c9152c078ba7ff400755e2a943b4fdeaf28f008c01e750e9ff105b6bd25 |
| SHA512 | 31f2049ec87c810958604f6c56559e9f2967ab74f984ae7ee526b91dd165da1efb7b9707bac6d84c6d4417abd4e1aa219a32fc8c1c2218860e64475b553ad169 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f28006fcd84b27c852b0032d9f5e4fb |
| SHA1 | 3b20d013c594978a84a90fcf7279dc9c01f9fe4a |
| SHA256 | 1a5f0c22dfe9f7b4df7b212779778d0fe827da1401f967501f72d3d7ae616735 |
| SHA512 | acd4bc47c3ae417e8d84a32ea938e15994e2fac25c574ca6fdc72515777227291d15a83242d4bf8bcb0146252a7c847bf8c3ab3136603234543640d209c01f5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d281f48c839cec57ebab15b5aafe959c |
| SHA1 | 5dc4bc8df4f8b64b95ec78ef1d3914b61109380f |
| SHA256 | 0ebc78cec366cab641a3d38d3e8d320ff3a86c1083a8060dccd9e9b54fcb3c79 |
| SHA512 | c2faa44114589683b144c7c0df9110dabc62536848f208306d2e8b755e08cc0fbc51fd5622417e0f6923fcd3289d4a76bccbede21e7f606d8182754de91625ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a404e81aae5a3114b89452137eadaad4 |
| SHA1 | 28dd6c6711fba98f899cb37ab4ae0a97fe9f4faa |
| SHA256 | f2c97e3a59d5032439024f05412b630cfe918d1c22402b015e2fbcc5f1cc1331 |
| SHA512 | 276268d91f7968733fb20b934e089e552bd73fa247a117c6f8930a63ba77358d12d9f82bb9692fcf96132d6545f53ea0bb47d0abb47cffc8b16c8e6121d6a063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0983964e938c7ac3fe454106c9929d72 |
| SHA1 | 6168f5101c6d620d193036ba99485eb937410e5f |
| SHA256 | 3849324c05fdb09a434adbac826a6dc17d58095a50fc4974a5fdade375824fb1 |
| SHA512 | ee6808a3d401ba6c32df628ff0830a0ac0e979428b0ccb738868d63ef46e18ada13fc374a2dc66b44b959e33f413f0b42c6ab255bd60892675d25c71868c49b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35f93a2453042662a5dc33bf1d0dcd69 |
| SHA1 | e844b52957af7d7471e301a9921798e449e85506 |
| SHA256 | 170cc727d5e524595574f26dfd0ed7761082093d1149605abb09105070789a5d |
| SHA512 | 34f88c9ea51acf42fc803d1f429477d2aee791123328912d10e5fb5646825a0b809f47c83ca51e942f365fab02b23c5ea522e1657036a502f68d5e2766e8727d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31af2a332f7e8107f2d0dc7528544b57 |
| SHA1 | cd3dc2ab68d69d73f9c482b17964ce175ebd29e2 |
| SHA256 | c04f0776567f9d4ab9bb16d283f52168c6d5fd639e636d010cb186a84300fbe9 |
| SHA512 | 598da7df05b54fa84f7786c564d994caacbfda9b2b0a12ea960feec356cc889c2825980f0e6124ad5c81a7ae18d7f049ec18baf2b451cdc2dc4f31668c8d8941 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8511029802792e6f2690a985f24f612b |
| SHA1 | c31bca7d98eb392451abea8682be0d4dd8b4f785 |
| SHA256 | 43ea1c12f0ebdbcd0e68ed4bad88ad1b571dc303e76b96638ccb74f0034e758e |
| SHA512 | b8eff5112ea3d382e075b58c679ea5d7a3b89601b594bc26da4297161731bd1dae6c4dfbaa0d23db523c7603828888c34f10fbec4240d45958a2fb9fdd996f1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e990a4a5d92a393392871ca94c42a9f9 |
| SHA1 | 3f137a662238f3a80ad0a7a23d1d91dced5206c9 |
| SHA256 | 98e232436d6d551590737d5695d97167ec7039fc5107074b9f0ebe9d20a086c9 |
| SHA512 | e55e66ee10a02ccbd891f72a7a8060e07c74e73de4296b9e25a15549caa6fce8b16f2ac79b3a05d2f1308f89d2d2c86ecb01e008e4664c91caa868b36db97153 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 537dd2a0196797bad9f8cd4976305b59 |
| SHA1 | 1fb72139dab11fd5efd54482ec570089286e2361 |
| SHA256 | 93048e818500ccc5cfeea7c3fdfbe65779886417f73cc9f9915e9170b6be1cd9 |
| SHA512 | 33bd0fbc8d5c8c245de895a7b846180a238fcecdac36f814bdb0a62b52ab2e3952d0de46e62e3f925a824ff95ba23fa0ee38aa323de7dd6c69844fee6fc510db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71fdd3978159d235d7d49ffe75029fb1 |
| SHA1 | f5d99429c0ceee2cbc6ab0995d63e1a90e2d2210 |
| SHA256 | cfd3529b809d5ce94db0815a80d7b875a18eb56c518fea506b6e971bf21125d0 |
| SHA512 | bdd47b9e39bee76c7a7615f6c2d9cb6445e0d839c77e4db518af84b678102c7dc15ace54f410b46839a7e0bbdbf4d48b853d7cf1a11eb33a487c0e8e5aea8c70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80c4b660106801b24de148279d2d61fc |
| SHA1 | 91a41b528b40a0e0fdcd8fb6f430618a758cd4df |
| SHA256 | 25a867a50195d4c2a80f303b810570a0002b44f083ea3bfb55d6f09e09adac51 |
| SHA512 | fcdfbc6693348892d65f512f2ba614886b2cd175028d6741c44c94a1f04e1244de9a8c1df579c6af28b865eb36d7b72f4782bc9962d3f476dfdd73ab6b7a5857 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 512d88ce3dd6401769ac758c686c3856 |
| SHA1 | 9d7f8e7cc584499e83b348af2c770eb64bd6d5e2 |
| SHA256 | 6282701f6905eae187351c420eff21d66a0ea013cd6e814a5649a9d33ffa8650 |
| SHA512 | 65d799567aad28c2ec12e48f1943526e26d4fd3cc8c0ee5129ec123752ecda110165a315ae045d8a88177781bdc8c6d673586735f93767a76b367e5fad57203c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e3eca37d27558cafdb174f6cc8c92cd |
| SHA1 | f773d3d9215dc03bb3547e9c741d77a64c6cb0a2 |
| SHA256 | a944ddd4f73ef473f51653702db19afd368d6f35d83184726ab7de0136ed59b4 |
| SHA512 | d514229d5c00b50505596ef6d6747970851eb3ecd494c470c16ef9cc8755a86d8ded459035cc01d0e250d50704f6386561f52feda494c7d793b29b4468b5b20b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59a5258531cdd96c8ab8e8b4990dccd1 |
| SHA1 | 9977e846b34df44af078592d0562aaeebe9b3d3d |
| SHA256 | b9e52505d51c9b419526aa7cd45c2d0d31ed232d423a5a8b8d99c2e504ba9e8c |
| SHA512 | ef20d88c2a52ecfa35dbcb4218538c91eb2b86482c0f89a64f6c30b8a17f3a248fa845909d0812390835b2a3e49c0f194e9e3eee72a28dc1df2382afd5778cf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad01521dbde1722af6f5b141b3a4c0bb |
| SHA1 | a02b488514286b40ced24c85987cbc5283e03e7e |
| SHA256 | 9d486490866167cede7ae5a993f716d90e1b2e3555ec1bc9c74b25dbe6374364 |
| SHA512 | deb3471916408376604cf924c1b6eaf9f853600452b58cea8e476e15ea88749bc08dc323f4cecf0e93382b8ec98d285766c519ab976b65022cd13452b9cd4dc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d742b2bebeb079380a1f2b15aa1cd050 |
| SHA1 | 90e114d59a52693953047a9e4e78d71ef9a50999 |
| SHA256 | 39e338959bd59159650c71123a7a81c1d66f578b77ba68fac78e0359a3c743af |
| SHA512 | 94b02b980105d756428229aafb56f6222083e1e7c1e2a22dd8ce992bcf6bcfba20d0263d268b87b873163680565fd652d8f83fb2d5bcf9aae49757c0cc4c0265 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a8e5c09383333f8e5b722bc42385177 |
| SHA1 | 30bba7845e3f112f1c45f1929a04275718d423a5 |
| SHA256 | 58f66a2d00e5a817995cf79da3e3669be6429fa83444169590cbfeb97cb42360 |
| SHA512 | 6b0a144177404ef06c18993a2f2f83f1d1a07dc4dfe735c43aec92707dd3d4850bf110b7344092467e294afaca3d41996dee219838cc7012819b3cc51993b99b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dcf1d7913c7b46cf16f7b2b90ff0c00 |
| SHA1 | 8e718f525bf9eb6f3cce31a714dfddcffe3a6c90 |
| SHA256 | c69d6c7a29a7657d311516baa7e7af8283f4608b3b75bb9ddac4019e9cab4453 |
| SHA512 | 075e63aa89f0a0c519ca711df2ec52880faeec1fed4696b5f0ed8d25962b2e5603fd1c1ab50fda9a7a2bb108c85e19659044c987b6c120b9e99bdedce867a64d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa6e053d47fe5df518fe46c8732ae3c1 |
| SHA1 | 5c7dc978f874898574583c6eff175671c7ac0f37 |
| SHA256 | 005af2daa2d4e5914746a0b294c1dc13f85d6966cbc38493e9bc702d8bfe2bb9 |
| SHA512 | 64fc53048bebd109aada381a93f573adbca19a0d8216d7ac34798b28a9428a360ac2c636b490748f7b01bc6b2ba912b7d5df51c6b3493adf0e1061096e658dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b607e9fcd18b452ff66e762362c22831 |
| SHA1 | 9e82fefae7c27a4f295cb30f76bb789c69001254 |
| SHA256 | e2d8a308ddde581017b744b4e3212c7643d1bdbc5a6d4d402c892e62d2caf3bb |
| SHA512 | 4c2bfa40a89df8073b9dda3a0819df9f801785d71c5f27b8e9b402f4de1fc1556cb15ab84564feebeb1d07179078de734c82f18fa5fd3f9297abcda57e700ff2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NYKN9RYI\www.roblox.com[1].xml
| MD5 | 36af94ddeb82979f2a2d10121b2baba6 |
| SHA1 | 4a9eecb84164850875693d52522abd79775d1749 |
| SHA256 | 03eb6bce69d8221c46d2bf3dcfd4682846c7731d41f9bcf12ca3fc3fb4bb5a20 |
| SHA512 | c77ff58929aea203b0a44f5a081976cb1656958572322bf9ddcfb19db22e1043971b15db13f1f64b2cc3188d98134d0c5e95d7d74332f9a3347e5c8240e4e390 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\js[1].js
| MD5 | 8fee2270d3e930cd8dac0fa80e521098 |
| SHA1 | 90e51589d0eb1c979561ba14e8736aae8efe0051 |
| SHA256 | 077ddfb642c4dfa2f7e6065430e92f9c945895d72b8608c0309d6f2c56364eaf |
| SHA512 | 682ee1b335ce7ab34ca32247432474909479a559f23694e15a7bbb38148192ccfeb5ecb30c2c356617273035e8795e33ae2dc39aede725f1e05ae02c35d5e1f6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NYKN9RYI\www.roblox.com[1].xml
| MD5 | 1f623bc13f39bcd6b6ce02b543444167 |
| SHA1 | 31bca3332c7cdf5eb161a3fe07afa9cf1f14aae7 |
| SHA256 | 5d0c6ec1ad9bc88128376f58249c7af59597b9c43911ffda44988a8f8eaa37e8 |
| SHA512 | 1bd0cca5a804a5aa0b18421b18cc734d981df2ea5e9884b41b45355ad904653fc445a2fcae8bae3798a06a164b7ffcdf9799cb0d3a3a8f5da689d9bf5f59561e |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\NYKN9RYI\www.roblox.com[1].xml
| MD5 | 5bc914b6c6e2a7ce2324776233b1865b |
| SHA1 | 776ccbc18538aa447869ffd1664c80a44f59812c |
| SHA256 | a7c1d1d2492f6d01bc747480015d3c4df027ffe2ca7227cdd695c63f61d42ecc |
| SHA512 | 6368e354f4848001de87965730ca4ed195822e9f1d22545373675d709ad138bfa551667da402c7565d766f89de86cc12856a384ed186b4bcd0a110b45466ab3f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n4uupnw\imagestore.dat
| MD5 | e92d1f177b5c7c92117fbdf07db5c355 |
| SHA1 | 853fee0b2b5e760553015a4cec8c1b8a12993d5c |
| SHA256 | e626ab41e3318d695cf9caa5599709938ee014e1fa0d059d7b75361974403328 |
| SHA512 | cb0ac011723d1704d0197fa0eb8ed73f8067047a1176c9146cda8df7129a7b86fad6fd8014b4072b4eab5fa0ba756add354acde0ef26c429fd7de79111778d5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40dcdc6933ab17c3ccef767b07c7b2ad |
| SHA1 | f33d37f9d0d5929ef46dd207885fc414ac1de0f7 |
| SHA256 | f8ebadf15f2b1be8e1ec968838e469fa6416faaca54fe27ab8b47d3dfadbdcf8 |
| SHA512 | ec707425eaa3aa5154911bb13d557a68987d9b7b8d4f44ccfc7b2ee72d7d72aa5c97864d98aa9ab17db04eeff24ecd36bffd2662fec9888b83d555370b01661c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 348ec045dacfb44fce6c83e00bd78ed0 |
| SHA1 | 57a201c4449d52067b80b28e07fcc06426a07aaf |
| SHA256 | 5a7bc3775f186cd2afad41b3d09942f221b825d4072b32d4b14b4e1852ab9f87 |
| SHA512 | c5ce8a1c4f950b6ef0e9603f67667879953273b6dc3a9a7b45a57cebb8f6f167545221a7dfe22e2066ab90d184046e01384394c42832756199ff58b4c7845bae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a3ef9baa9f3485c3accb7e1ac7c7747 |
| SHA1 | 89bfc351fe416261e61c582c572b184127bc42a6 |
| SHA256 | 0aa0f2140a419441fdbc759514df2f5afef6e0bbf160cef59697df7dbb9d5300 |
| SHA512 | bc009d95714ff021f5cc477272d7ffb29d822839e7d3a5cd659caf7e05f14a67d5f5ba93a49d011f9c70bdc0a092ea07bea6d3ca78995d613e624014f59000a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e91760c242794fccdb5175b2e43ede0 |
| SHA1 | 5e3a9fdc168f9da32c3e7bc475c562af340d3eb6 |
| SHA256 | 0ca9d65feb6aa5dcec0fd04f4f5ba24eb84a3e618456f33a2ebdd8ad68bdf60d |
| SHA512 | 88dfde08f69dc56fd129cf1ddc1e0043964477cb9a7f3b7763d09367617a43445eb132275b7214ee456eedbed2ed2a27d7c7784228bbcd5ba0ce4845ad81284a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5741de812458e996f73fb9c03d07acf5 |
| SHA1 | 10824d8731f5be749cf7460864660420cf3a87c9 |
| SHA256 | d40da58fff67f093ef5de7aabede31c997d943492676136920b3468885172e0c |
| SHA512 | baa273cb40deb0b4033a672f0110962832f8a583a88f5a76e2c47c13011723c5cce0af4040364992a2854a079386e415c101f0d5831c55106bb5fbbe7d402462 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f0cd6a4b27d8ccc30229407aba7f5d0 |
| SHA1 | 6c994ec50e9878087e0fdd97d9d824d5b66b3479 |
| SHA256 | d0ff9bca7cfdf8b0be3b612e17e12d7b13eeb057d25471e6013843d81bcda26b |
| SHA512 | d4d627588c1ef3a8835929ca43d3a9565b4bd20dfc6323ea05b08fa595dc3df0e807a2e3720e82d68d9f6e47e35d0069a278a7a9d80f20f56e2295fc4d391628 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c7db818d79cc640f527cad974d102b5 |
| SHA1 | 49de8ca016523b9de09d8b7694f0ef3fec5afced |
| SHA256 | 9e417256ea4197064dbb091a0f49f97a04ee9f94c22a0a699006c3d274563cd0 |
| SHA512 | d6dfe55c2f0d39a9c79b0770aa4ef436845ff57c5661622edcaec65fb03502c69667e6fb809541631bb6e2091caa08f2d608c7dfba65fd5edefe1f08042e062f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ada7b3e34eaa7bc6b2ecc3deaf02a2c |
| SHA1 | 54f5f922753483f63cca8ac98222b0c76cf003ef |
| SHA256 | faefea4dd6d146c3d877f87a81732e8fc16414bb6d2420eb58c03d4e88eb4ef1 |
| SHA512 | 63e9945c1b5bd521862f5fa028e57f569bfdf5f3f44dd429e3a413c3d8056d32a2616bbc551eb6e909e739458652ebcf943bf46487c58ba693a8c0f2f272c626 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f582cbab869631435e5d5afd32a655a |
| SHA1 | 0687d5984129e5607e9f3f89344a39b55530759a |
| SHA256 | 3bfae9fe5cce2f9222060aa382cec4969bd8380478930702673b381b8310ba69 |
| SHA512 | 97d6468379f00801f1018ab35346df248f5a10a51276147a673a918588922a42432a77af413d1d636ef5d238add39f0aa78c94aa578ae8f19b9eec4ddf80b6f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cbab6a75ee80f643c761c65d75cb36d |
| SHA1 | 1bec8c3f4b11bf85c9da73f13116af0150648e37 |
| SHA256 | aa1b243ff381f3154a7d439e77673015e7d8c0a05e4f3a181c64a1158d95b2dd |
| SHA512 | 667a6c91fdc847ce33d51d809cf6ca87f7a6f320f634aa68f644b6eaeb6fa56970f4916c273b3d2e5467cc6dda8df53ea3622fbe6269ae3f82579f2ece53ea25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 305b6d43cdeb37bfb76516ce453bde8d |
| SHA1 | 3afe32c4c5a60b5a2bd9568e266df71cc4c8915f |
| SHA256 | f2e4c4551f2a8e13e87910f7d36dd78ca56586ff27a38af32a3cc94b9f558b97 |
| SHA512 | 915e9cc133b28c06b77031e5cef1e48f9d33283c0e226d805b7e219ec3718d44567b48814f6a2a2d07f17847c78dc5c0b3b6ed2dc8a2c7a6a0905ea87893ba52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16d3080a2e6427e84f47dabb6152e986 |
| SHA1 | 25f9fce11f47dff0ef12e5e730a94fa633b9132f |
| SHA256 | 1295233919aeabb0d7a8a369b4f4683eb057102cf486123a6d79aeb6d8bfbd83 |
| SHA512 | 6a452f79aa3bca959507feafa2a3b2b038e8c677b40e32618daea037d54ff1dd589b3b483aa4f7df850aa0d93a1becc38fb51ef2793e412d59bbf395af50b25f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ddac2b231e42b28ee10d3ae0a87b81c |
| SHA1 | 6d1923b4703c9a89d2676cc74a50550ca8d8c2b7 |
| SHA256 | 27f19384c4d3e5ea5360093f67223acdfe7598347d988d4721dbe08b87c8261e |
| SHA512 | e79219cb617ec8040b5756a7a641ce65914699d323aa4e2269fd1164864eadd7c08e51f1f2e7abb7861632b34267e89c33885076185d6a240e147ee2ebb17e00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08bd03fc20ca322a5acc152255c1cbff |
| SHA1 | bfe900b78225272acfe9368a50c96bd529e62f05 |
| SHA256 | 591f8b31a603819e9455ffa8a6e68c7b874fd1ca150f12f73b4e87a85680dd91 |
| SHA512 | 3cce9ed8a71132d8b1f776cec16167576d6c32b8bb4b24a3b566643096d5dbbc4ae5a19ef1f18e68afe01cd76a516e9580e9f447db631b1141569188e84753c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c5a090d6c22a17d49a54012bb6ad876 |
| SHA1 | 9f2e311fd5c095f53df31313150b9c4b28fca33b |
| SHA256 | a8c9a0eccb1384b8ccb05b97e2f7bf371cc5e61eaf8ea4f07bc99b1a601d2c44 |
| SHA512 | 6413f662e93a897d43ebfca166d26c5505ef2fad017a01c1c919c767f938df98897d407bee180862045a242f9716213da3641587cfe1aa83e871da785de8f2d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f33467ab2da0007a504eda38c013cdfb |
| SHA1 | 92247343ea61b1b7cea70c375599c8514a18bc98 |
| SHA256 | 8d88f02e07fb1a51a30dabaec664c4ea88cf37c475a557b9af84a1fb7226f60c |
| SHA512 | 75c624e5a3d3620c96b9699af6597abc38f9451668464c4e4cc1a75899376cab6524b67ea2ca9c69c91209a8575f8b0696ab179ce13f9520be86d2ab97b30451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b767a18def163b4f0476c622b33c5fb |
| SHA1 | 07ae138132917900354cb2359f4cd56826fe9577 |
| SHA256 | 39fc6dbfe34590871f5501b8e55d10e78217c5ca0ecebcb2d45761052e397540 |
| SHA512 | 0b6654401c3eb571d932fbc5db36df8546bb27088ad53e3165ecf3faf08fea56384662369792543376cf38c457df3d60e69befdbf565ac98a3675c18ce3e7711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 6c13320648c50d7ca485fa49016dfc11 |
| SHA1 | 30c3724155cec33c815167930faaaea35464fe46 |
| SHA256 | 0208c45cf6fc92e7242623499e4909e19739931f05b41d6d6d8374c56a6dd699 |
| SHA512 | 433e828aeaa56b6e1bd0ded93cd11aaa6c2191a873fab01d4a0287df375d5e1596ba7f2c127513077b7f9579e4f349f0c8df2db04278e556eb0726155beb8de9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ca94f13289a7864ff5186a02d7cd917 |
| SHA1 | 3ac647d82765435cae10ff7c8405a2163a36b105 |
| SHA256 | 8ad4849cbf61480d49850095f38f5c629bbc91aedca530a1d6dbb3c016222a77 |
| SHA512 | 681bd92d02cc28c9a9a12fc3e470555700e665c5adc7acb4c24f72d9fa0f536b2fb83d05f535f3794316efe9d2b038641c41c985f0668c36b62466ac824ecfd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 923b00606ce13ecdc44b271e58f6ff40 |
| SHA1 | a8b8af0fb23b3facd85c64cc39f0dd7ec38cbe76 |
| SHA256 | a64c8ac5f9a99628d26a9c9f38c15e6a3dc9cacc56a8d16af924c5c9d1cfd626 |
| SHA512 | 50871f7fe2a420884a226da5eb75fe1465d4ca552ac8b680071ac4c8fdb5969c9e14f011702a166a81dd80dd1709ef8b24d2a58fae4c251a3a9b6115da0f2376 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-02 05:46
Reported
2024-09-02 05:49
Platform
win10-20240404-en
Max time kernel
149s
Max time network
142s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "82" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft David Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "MS-1033-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6efa367dfbfcda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 ~ 0009 aa 000a a 000b oh 000c ax 000d b 000e d 000f eh 0010 ey 0011 f 0012 g 0013 hy 0014 uy 0015 iy 0016 k 0017 l 0018 m 0019 n 001a ng 001b nj 001c oe 001d eu 001e ow 001f p 0020 r 0021 s 0022 sh 0023 t 0024 uw 0025 v 0026 w 0027 y 0028 z 0029 zh 002a" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "en-US" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Female" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Speech HW Voice Activation - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 = … | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 aa 000a ae 000b ah 000c ao 000d aw 000e ax 000f ay 0010 b 0011 ch 0012 d 0013 dh 0014 eh 0015 er 0016 ey 0017 f 0018 g 0019 h 001a ih 001b iy 001c jh 001d k 001e l 001f m 0020 n 0021 ng 0022 ow 0023 oy 0024 p 0025 r 0026 s 0027 sh 0028 t 0029 th 002a uh 002b uw 002c v 002d w 002e y 002f z 0030 zh 0031" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Zira Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Zira" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "111" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 = … | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "002D 002D 0021 0021 0026 0026 002C 002C 002E 002E 003F 003F 005F 005F 002B 002B 002A 002A 02C9 02C9 02CA 02CA 02C7 02C7 02CB 02CB 02D9 02D9 3000 3000 3105 3105 3106 3106 3107 3107 3108 3108 3109 3109 310A 310A 310B 310B 310C 310C 310D 310D 310E 310E 310F 310F 3110 3110 3111 3111 3112 3112 3113 3113 3114 3114 3115 3115 3116 3116 3117 3117 3118 3118 3119 3119 3127 3127 3128 3128 3129 3129 311A 311A 311B 311B 311C 311C 311D 311D 311E 311E 311F 311F 3120 3120 3121 3121 3122 3122 3123 3123 3124 3124 3125 3125 3126 3126" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\AudioInput\\TokenEnums\\MMAudioIn\\" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "409" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033David" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.134.221.88.in-addr.arpa | udp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | 9.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.137:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 205.234.175.102:443 | static.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.145:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 88.221.134.11:443 | tr.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1a-lms.rbx.com | udp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| HK | 18.163.173.57:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| HK | 18.163.173.57:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| HK | 16.163.186.39:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| HK | 16.163.186.39:443 | aws-ap-east-1b-lms.rbx.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 34.234.9.163:443 | aws-us-east-1a-lms.rbx.com | tcp |
| US | 34.234.9.163:443 | aws-us-east-1a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 203.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.9.234.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.186.163.16.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.173.163.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.67.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 40.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| GB | 88.221.135.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.141.182.52.in-addr.arpa | udp |
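Almost everything in the Network table above is what a page built on top of the real roblox.com produces: Roblox's own CDN hosts (rbxcdn.com, rbx.com), the Arkose Labs captcha, Let's Encrypt and Google PKI CRL/OCSP fetches, Google Analytics, and a reverse (in-addr.arpa) lookup for every IP that was contacted. The one indicator that matters is www.roblox.com.bi at 154.213.192.23:443, a name in which the legitimate registrable domain roblox.com sits in front of an unrelated suffix (.bi is Burundi's ccTLD). The script below, an added example that is not part of the report or of the sandbox's own tooling, parses a subset of rows copied from the table, separates DNS queries, reverse lookups and allowlisted traffic from the rest, and flags the lookalike host with its TCP endpoint. The brand name, the legitimate domain and the allowlist are assumptions made for this example; the 20.231.121.79 row is deliberately kept in the report's mis-aligned layout so the parser has to repair it.

```python
"""Triage a sandbox Network table: pull the lookalike domain (the IOC) out of the
legitimate Roblox/CDN/PKI traffic a cloned page pulls in.

Added example, not part of the report or of the sandbox's own tooling. The rows
in NETWORK_TABLE are a constructed subset copied from the report's table;
BRAND, LEGIT_DOMAIN and ALLOWLIST are assumptions made for this example.
"""
from collections import defaultdict

# Constructed sample input: rows copied from the report's Network table. The
# 20.231.121.79 row keeps the report's mis-aligned layout (protocol in the
# Domain column) on purpose.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 20.231.121.79:80 | tcp | |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
"""

BRAND = "roblox"             # assumption: the brand the page impersonates
LEGIT_DOMAIN = "roblox.com"  # assumption: the brand's real registrable domain
# Assumed allowlist of registrable domains the genuine site is expected to use:
# rbxcdn.com / rbx.com are Roblox's own; arkoselabs.com is the captcha vendor
# whose funcaptcha_api.js also appears in the report's cached files.
ALLOWLIST = {"roblox.com", "rbxcdn.com", "rbx.com", "arkoselabs.com"}


def parse_rows(table):
    """Yield (country, ip, port, domain, proto) tuples from markdown table rows.

    Rows where the protocol slid into the Domain column are repaired in place.
    """
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or ":" not in cells[1]:
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain in ("udp", "tcp"):  # shifted row
            domain, proto = "", domain
        ip, port = dest.rsplit(":", 1)
        yield country, ip, int(port), domain.lower(), proto


def classify(domain):
    """Return 'lookalike', 'review', 'allowlisted', 'ptr', 'other' or 'none'."""
    if not domain:
        return "none"
    if domain.endswith(".in-addr.arpa"):
        # Reverse lookup of an IP that was already contacted during the run;
        # it carries no new indicator.
        return "ptr"
    if any(domain == a or domain.endswith("." + a) for a in ALLOWLIST):
        return "allowlisted"
    labels = domain.split(".")
    legit = LEGIT_DOMAIN.split(".")
    # High confidence: the real registrable domain appears inside the name but
    # is not its suffix, e.g. roblox.com.bi or roblox.com.evil.example.
    for i in range(len(labels) - len(legit)):
        if labels[i:i + len(legit)] == legit:
            return "lookalike"
    # Lower confidence: brand string in a label of a domain not on the allowlist.
    if any(BRAND in label for label in labels):
        return "review"
    return "other"


def extract_iocs(table):
    """Map each flagged domain to its verdict and the TCP endpoints it used.

    UDP rows are queries to the resolver (8.8.8.8:53 here), not endpoints of
    the flagged host, so only TCP destinations are collected.
    """
    endpoints = defaultdict(set)
    verdicts = {}
    for _country, ip, port, domain, proto in parse_rows(table):
        verdict = classify(domain)
        if verdict not in ("lookalike", "review"):
            continue
        verdicts[domain] = verdict
        if proto == "tcp":
            endpoints[domain].add(f"{ip}:{port}")
    return {d: {"verdict": v, "endpoints": sorted(endpoints[d])}
            for d, v in verdicts.items()}


if __name__ == "__main__":
    for domain, info in extract_iocs(NETWORK_TABLE).items():
        print(f"{info['verdict']:10} {domain:40} "
              f"{', '.join(info['endpoints']) or '-'}")
```

Run against the sample, the only "lookalike" verdict is www.roblox.com.bi with endpoint 154.213.192.23:443; roblox-poc.global.ssl.fastly.net comes back as "review" because it carries the brand string on a third-party CDN domain that the assumed allowlist does not cover, which is the kind of hit an analyst confirms by hand rather than blocking outright. The allowlist is the part to tune per brand: a clone that loads the genuine site's assets will always light up the brand's real CDNs, and those must not be treated as indicators.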
Files
memory/1536-16-0x000001E912920000-0x000001E912930000-memory.dmp
memory/1536-0-0x000001E912820000-0x000001E912830000-memory.dmp
memory/1536-35-0x000001E9119C0000-0x000001E9119C2000-memory.dmp
memory/2772-44-0x0000028394700000-0x0000028394800000-memory.dmp
memory/5036-66-0x0000029E39B00000-0x0000029E39C00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\api[2].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
memory/5036-368-0x0000029E4D640000-0x0000029E4D642000-memory.dmp
memory/5036-371-0x0000029E4D9A0000-0x0000029E4D9A2000-memory.dmp
memory/5036-383-0x0000029E4DB00000-0x0000029E4DB02000-memory.dmp
memory/5036-386-0x0000029E4DB20000-0x0000029E4DB22000-memory.dmp
memory/5036-392-0x0000029E4DDE0000-0x0000029E4DDE2000-memory.dmp
memory/5036-389-0x0000029E4DDC0000-0x0000029E4DDC2000-memory.dmp
memory/5036-395-0x0000029E4DF00000-0x0000029E4DF02000-memory.dmp
memory/5036-398-0x0000029E4DF20000-0x0000029E4DF22000-memory.dmp
memory/5036-422-0x0000029E4C860000-0x0000029E4C880000-memory.dmp
memory/5036-423-0x0000029E4C4A0000-0x0000029E4C4C0000-memory.dmp
memory/5036-449-0x0000029E4D9E0000-0x0000029E4D9E2000-memory.dmp
memory/5036-462-0x0000029E4D200000-0x0000029E4D300000-memory.dmp
memory/5036-496-0x0000029E4E350000-0x0000029E4E370000-memory.dmp
memory/5036-507-0x0000029E4E3D0000-0x0000029E4E3F0000-memory.dmp
memory/5036-538-0x0000029E4E4D0000-0x0000029E4E4D2000-memory.dmp
memory/5036-536-0x0000029E4E480000-0x0000029E4E482000-memory.dmp
memory/5036-534-0x0000029E4E400000-0x0000029E4E402000-memory.dmp
memory/5036-532-0x0000029E4E340000-0x0000029E4E342000-memory.dmp
memory/5036-530-0x0000029E4E2E0000-0x0000029E4E2E2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\funcaptcha_api[1].js
| MD5 | 759ab24cf5846f06c5cdb324ee4887ea |
| SHA1 | 41969c5b737bc40bbb54817da755e3aa7d02f3c6 |
| SHA256 | 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471 |
| SHA512 | 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be |
memory/5036-595-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-598-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-599-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-601-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-602-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-603-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-600-0x0000029E39430000-0x0000029E39440000-memory.dmp
memory/5036-604-0x0000029E39430000-0x0000029E39440000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | 3bda2480bbcb201de840d9a06534eb10 |
| SHA1 | ade6cf06f2958f912ceec6eacba97d43216f5349 |
| SHA256 | b2be7b54357e073102df404ea1067e13db285ca76bc8e7fe9bf5f2d6d3afe55e |
| SHA512 | 74976aa648f5db9a2051a91bb66e8bcc63c936c3096ad584f647dc2a2d5c8e70dc30fb818e7340bcac3337e284564de32c33f268a834f7c54a6c4235feff058a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | 0dbaf8b2e668f72357cbe4a539f5e9b5 |
| SHA1 | 68543568c1c01181d867a905cc34a854037678ed |
| SHA256 | d2f4f66626d95ab36508ce696b68c83d096c4a767c563e2c2541d078cdb7adfe |
| SHA512 | cf0cee8dbd48e3b7e61df70c4ac1aad1580e1f7c601540750e9ce1e27501d06152fc69bc0ffea02567ffb3040bc12af84c6e105c423ad077d3afa55f717472ce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | a54ab40d1afe06d21788a91d91a30335 |
| SHA1 | 0c2e434b21de5ed59b72ed9f235a5a193aac75e1 |
| SHA256 | 65ae487cb13a360a42c0e2da4f3c065b6b2a305fac90ee7809207d3f00cdbdb9 |
| SHA512 | 9e91004a6e83e6e045073f2dbec6211b25caccfbd2dbcedff938a3c0ae6b1cbbc71059869aa145e3500c2c8d9469c603bed4966c482ba05d3f9217356e9c8373 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\71NTS5YI\js[3].js
| MD5 | cf1330645cab6b67524c8763b45f0714 |
| SHA1 | 87627e5cbcf23ae154c832f7e51387ea63198ba2 |
| SHA256 | a6c0c46ed897b1775b14c0bc6a7f2c7d55ccc791c8ef07c244e849460ac14912 |
| SHA512 | 2932519a74e4986a9a507242d3dcfd04db0e4ffda455aec4b8ae8e53c926ca31ae3a97d17ffc103b6b6abe1db09d807ba57f43ebfc9a11a77f3fe9a445678dfd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VQDT4NKQ\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | 62ec845b5509076d5269426793610d49 |
| SHA1 | 3a61dff08d418b750f30fb0cadf00acf2dbfe314 |
| SHA256 | 0002d7b05edd9f74b4878afb2a68d65e7cb081e017fbfc0bfee8d650b54debb8 |
| SHA512 | 403cc66c99a4d0619751346b0e1124688ffca84bafa8d8b304f41c9f1a294de6c3b96f3733b7a55b998fff14ad9aadfab209909d423c1b4491d3b1e691ec1ecf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XM2HW706\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
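Two things in the Files list above are worth pulling out mechanically rather than by eye: the `memory/PID-N-START-END-memory.dmp` entries encode which process region was dumped and how large it was, and the same Edge DOMStore path `www.roblox.com[1].xml` is listed four times with four different digests, i.e. the page rewrote that file during the run. The parser below is an added example, not part of the report or the sandbox; it turns the section into structured records, validates digest lengths, detects paths recorded with more than one content hash, and emits a de-duplicated SHA256 list. The sample text is a trimmed copy of the section's own entries; reading the middle number of a memory-dump name as the sandbox's sequence counter is an assumption.

```python
"""Parse a sandbox 'Files' section into dumps and hashed files (added example)."""
import re
from collections import defaultdict

# Constructed sample: a subset of the report's Files section, copied verbatim.
SAMPLE_FILES = r"""
Files
memory/1536-16-0x000001E912920000-0x000001E912930000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3DFY8PVG\api[2].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
memory/5036-462-0x0000029E4D200000-0x0000029E4D300000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | 3bda2480bbcb201de840d9a06534eb10 |
| SHA1 | ade6cf06f2958f912ceec6eacba97d43216f5349 |
| SHA256 | b2be7b54357e073102df404ea1067e13db285ca76bc8e7fe9bf5f2d6d3afe55e |
| SHA512 | 74976aa648f5db9a2051a91bb66e8bcc63c936c3096ad584f647dc2a2d5c8e70dc30fb818e7340bcac3337e284564de32c33f268a834f7c54a6c4235feff058a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\EP2SMA59\www.roblox.com[1].xml
| MD5 | 0dbaf8b2e668f72357cbe4a539f5e9b5 |
| SHA1 | 68543568c1c01181d867a905cc34a854037678ed |
| SHA256 | d2f4f66626d95ab36508ce696b68c83d096c4a767c563e2c2541d078cdb7adfe |
| SHA512 | cf0cee8dbd48e3b7e61df70c4ac1aad1580e1f7c601540750e9ce1e27501d06152fc69bc0ffea02567ffb3040bc12af84c6e105c423ad077d3afa55f717472ce |
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex digits
# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp ; <seq> assumed to be a run counter
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")


def parse_files(text):
    """Return (dumps, files): dumps as dicts of pid/seq/start/end/size, files as path+digests."""
    dumps, files, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Files":
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start, end = int(start, 16), int(end, 16)
            dumps.append({"pid": int(pid), "seq": int(seq), "start": start,
                          "end": end, "size": end - start})
            current = None
            continue
        m = HASH_RE.match(line)
        if m:
            if current is None:
                raise ValueError("hash row without a preceding path: " + line)
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current[algo.lower()] = digest
            continue
        current = {"path": line}  # any other line starts a new file record
        files.append(current)
    return dumps, files


def rewritten_paths(files):
    """Paths listed more than once with different SHA256s (file changed during the run)."""
    seen = defaultdict(set)
    for f in files:
        if "sha256" in f:
            seen[f["path"]].add(f["sha256"])
    return {p: digests for p, digests in seen.items() if len(digests) > 1}


def sha256_iocs(files):
    """Sorted, de-duplicated SHA256 list for a blocklist or retro-hunt."""
    return sorted({f["sha256"] for f in files if "sha256" in f})


if __name__ == "__main__":
    dumps, files = parse_files(SAMPLE_FILES)
    for d in dumps:
        print(f"pid {d['pid']} seq {d['seq']} size 0x{d['size']:x}")
    for path, digests in rewritten_paths(files).items():
        print(f"{len(digests)} versions of {path}")
    print("\n".join(sha256_iocs(files)))
```

Browser cache and DOMStore artifacts like these are content the phishing page served or stored, not a dropped payload, so their hashes are useful for finding other victims' browser profiles and for clustering related kits rather than as malware signatures in themselves.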