Analysis Overview
Threat Level: Known bad
The URL https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad. The host www.roblox.com.bi is not under roblox.com (its registrable domain is roblox.com.bi) and is served from 154.213.192.23, while the page loads assets from the rbxcdn.com and roblox.com hosts listed in the network tables below.
Malicious Activity Summary
Drops file in Windows directory
Resource Forking
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Checks memory information
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Checks CPU information
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2024-09-02 07:22
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
win11-20240802-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffd6bbd3cb8,0x7ffd6bbd3cc8,0x7ffd6bbd3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,17505144678466773347,16200414726570991575,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.143.123.92.in-addr.arpa | udp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 173.222.211.41:443 | c0ak.rbxcdn.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 173.222.211.41:443 | c0ak.rbxcdn.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| DE | 52.58.187.82:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
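The network tables in this report (this Windows run and the Android runs further down) are the evidence for the verdict: every connection to the page itself goes to www.roblox.com.bi at 154.213.192.23, while stylesheets, scripts, images and the challenge widget come from the rbxcdn.com, roblox.com, rbx.com and arkoselabs.com hosts that a genuine Roblox page would use. The following script is an added triage example and is not part of the sandbox report; it parses rows in the shape of these tables, separates "brand.com" appearing inside a longer name (www.roblox.com.bi) from names that merely contain a brand keyword (roblox-poc.global.ssl.fastly.net, roblox-api.arkoselabs.com, which it only flags for review), and collects the direct-connection IPs for the lookalike as IOCs. The BRAND_LEGIT and RESOLVERS sets are assumptions for this example, and the sample rows are copied from the report's behavioral4 and behavioral6 tables, including two rows in the damaged shape that extraction produced.

```python
import re
from collections import defaultdict

# Assumption for this example: the registrable domains accepted as the
# brand's own. Extend for other brands; the logic below is generic.
BRAND_LEGIT = {"roblox.com", "rbxcdn.com", "rbx.com"}
BRAND_TOKENS = ("roblox", "rbx")
# Resolver addresses used in the report's DNS rows; never treated as IOCs.
RESOLVERS = {"8.8.8.8", "1.1.1.1"}

# Sample rows copied from the report's Network tables (behavioral4 and
# behavioral6); the last two keep the damaged shape in which the Domain
# cell was lost during extraction.
ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| DE | 52.58.187.82:443 | aws-eu-central-1c-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.10:443 | tcp |
""".strip().splitlines()


def parse_row(line):
    """Parse one '| Country | Destination | Domain | Proto |' row.

    Returns None for header/separator lines. Rows whose Domain cell was
    lost (protocol sitting in column three) are accepted with domain "".
    """
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3 or not re.match(r"^[\d.]+:\d+$", cells[1]):
        return None
    country, dest = cells[0], cells[1]
    if cells[2].lower() in ("tcp", "udp"):
        domain, proto = "", cells[2].lower()
    else:
        domain = cells[2]
        proto = cells[3].lower() if len(cells) > 3 else ""
    if domain.upper() == "N/A":
        domain = ""
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain.lower(), "proto": proto}


def classify(domain):
    """Bucket a queried/connected name relative to the brand."""
    if not domain:
        return "no-domain"
    if domain.endswith(".in-addr.arpa"):
        return "reverse-dns"
    for legit in BRAND_LEGIT:
        if domain == legit or domain.endswith("." + legit):
            return "brand-legit"
    labels = domain.split(".")
    # "brand.com" present as consecutive labels but NOT as the suffix
    # (www.roblox.com.bi) is the registrable-domain trick: lookalike.
    for legit in BRAND_LEGIT:
        ll = legit.split(".")
        n = len(ll)
        for i in range(len(labels) - n):  # stops before the suffix slot
            if labels[i:i + n] == ll:
                return "lookalike"
    # A brand keyword inside some other label: worth a look, not a verdict
    # (the brand's own third-party providers land here too).
    if any(tok in label for label in labels for tok in BRAND_TOKENS):
        return "brand-keyword"
    return "third-party"


def summarize(lines):
    """Map each class to the sorted set of domains seen in that class."""
    buckets = defaultdict(set)
    for line in lines:
        row = parse_row(line)
        if row:
            buckets[classify(row["domain"])].add(row["domain"])
    return {k: sorted(v) for k, v in buckets.items()}


def lookalike_iocs(lines):
    """{lookalike domain: {IPs it was contacted on}}, resolvers excluded."""
    out = defaultdict(set)
    for line in lines:
        row = parse_row(line)
        if (row and row["ip"] not in RESOLVERS
                and classify(row["domain"]) == "lookalike"):
            out[row["domain"]].add(row["ip"])
    return dict(out)


if __name__ == "__main__":
    for cls, names in summarize(ROWS).items():
        print(f"{cls:14s} {', '.join(names) or '-'}")
    print("lookalike IOCs:", lookalike_iocs(ROWS))
```

Run against the full tables, the only lookalike in all three detonations is www.roblox.com.bi on 154.213.192.23; everything else is either the brand's own infrastructure, Google/ad telemetry, or the Let's Encrypt OCSP/AIA fetch for the lookalike's certificate (r11.i.lencr.org). The "brand-keyword" bucket is deliberately a review queue, not a block list.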
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 228fefc98d7fb5b4e27c6abab1de7207 |
| SHA1 | ada493791316e154a906ec2c83c412adf3a7061a |
| SHA256 | 448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2 |
| SHA512 | fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56 |
\??\pipe\LOCAL\crashpad_2188_QBSLJHGORNAFCOTP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 026e0c65239e15ba609a874aeac2dc33 |
| SHA1 | a75e1622bc647ab73ab3bb2809872c2730dcf2df |
| SHA256 | 593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292 |
| SHA512 | 9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e4b5bdad784c328f59f25450cd200b35 |
| SHA1 | 3363f7cedfff592a5b41f6aa804d6b769620d833 |
| SHA256 | ed0c9fed67a8169c22fa0eeb1ffe4c00fbe731e7c7f97f87003034fa5a58e86e |
| SHA512 | e5d27c6a8c0e1079129c5cedfdb8e0ceec699d67950df6027a491db3a8ab76a7f368c1f7592ad6d4e4a6d734b3a6b226dab56aa837501f5466b545998923fd37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | d6eeca02f7ad8d14dce4a1608f6e0b49 |
| SHA1 | e8b5dc469a57b1e7f5d1e71a4f98ef1f3c551484 |
| SHA256 | 9aade0e8b54bbeddd9908fe501b8a94693ac6b5b5e6504e77c7e470c0b410480 |
| SHA512 | 3235b68a777d22fdaf94cadc928d3c79726934744214969a1b354506691cc5d0c73d49548c1414923281fbed7a07c468ef6b2f1e3fdc23c29793063102823bde |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c62375ca330e216e7f5fb7a20b744d00 |
| SHA1 | 3187702567d4baa1d0bbd33a1d3c59d823606e47 |
| SHA256 | c8cf0765c4c8c048affe193627f8cf3e0fe000013bca94494fc356235acfba85 |
| SHA512 | f1db68a164aa5a427f06377e207ae70b8bcc1ae980c101d1569101bb0bdabfc1571963f894a8a9de96e6e94e943c42720238d4a49e07676cdcb91c868ba06c6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c2efa1be299ff36df20becf4825702af |
| SHA1 | 18d7e776949e9db2bf63930ed0bbbc7364138e7c |
| SHA256 | d273d9f205f217f6e7039ccd361a0e7f50e5b0b306811f95935442813ac8982a |
| SHA512 | 07e2a7804131d2aa9056e73aa8170d70b78eafa9128173aa661641003ff7f944f4cf3f57fedfbb5c59f62a4f850669991177755bb62e4e8b7f042e708594096a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d77f65f56626fd71640d1a28d1419a95 |
| SHA1 | 1b371143e10bdf69aed389b04ff30106d7dd1882 |
| SHA256 | bd4a3a016078577439651a41de710acc2187538f20614b3e92aa52b875b1c5ae |
| SHA512 | 441c930dda808fa2b02af2a1bda313776c4c2a1bafa3a0171021ab6705ce7af24e7425ec3a15234010633d82ddfb2d257cf0cfda60f3460ffbdc96fea8ef5b2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fec3.TMP
| MD5 | e94815674de76eb0295283d7c8246898 |
| SHA1 | 297f9c3482d2ff035786c3c9fa416fc425b79b4f |
| SHA256 | 225961a2b9bcd0067d5372f544292d25f163dbdbf352b8ef408321a46251d8b9 |
| SHA512 | 4cdeb2e4aac7bacddd593ccfcb31ffa2b0193ab7fbf1b59a724733b5da7acf319eb5891ec5cbb0815e73c190614c3d0f0fdc2506d8b0e4e0d523c64908a64bca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ef2c6a890ccf72d7a9df935f048e643d |
| SHA1 | ba6e791c526423afead3b6314d3491968b2b55da |
| SHA256 | 6394ebdef364f0d3586e43d6018874a2ab55609278b5a8e27db6ebe0ec779870 |
| SHA512 | 9228657aa93a8a184f0c18036a9353e980b511287cdb69dc74f15e2c546a4de8eff66ffccb3c203453433d7eae2d5263a4e6c4036c645c4710c92a877e6115bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 70d2a9578382085e2e4401a9637c6e82 |
| SHA1 | c6b83f9079c5f4c67cf1d3bd268c2baa4ea95b3f |
| SHA256 | bd00dcc5cc6700ec06edc50a46aabd9772ee1c4da0d43d0688e68892bf89cb2b |
| SHA512 | 234e6e86583347bc8a8809c2176070e0dd530c255b7ed814b656ff1f78c087f0326906c91738a1f2deae2ee4bba0161f59b45912f983ae196f776b6847832c55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d6d0916457d1206560393249904a8b56 |
| SHA1 | 9502612881e84334fe4174f0bbe5046a3ad6100c |
| SHA256 | c55c582b9a4e38ca1340c15aae7994334bc94dcc1a87f02e1ffeac578b896174 |
| SHA512 | 2c0bd751b735522c4c6ba5ac950ebd6c1dcb65bc220e4305168185c10b06309c8423f3f05a51fbd81f1033141c2e22d3464fa5c5cb9058065f8ab335ab3bad80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72e28a3f3cd745b7bf7c56213af2825a |
| SHA1 | 8fa75d4b7bfb4b3b013636e202210e03694a0e80 |
| SHA256 | 732aaf3726f8963751fab025a99a7abf7014d85d0c0cd968920d0bec93c8f419 |
| SHA512 | 4494bbb9bc352fc2f6489aced7f1c4ce832fae283b13cccf61a31c401bd4d94dbe00d9dddfe4022b41b753b45a8b6e26065a4fea1e94bb186c842c769024e727 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
android-x64-20240624-en
Max time kernel
127s
Max time network
156s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 92.123.128.148:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 2.23.210.92:443 | static.rbxcdn.com | tcp |
| GB | 2.23.210.92:443 | static.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 92.123.142.144:443 | tr.rbxcdn.com | tcp |
| GB | 2.23.210.103:443 | images.rbxcdn.com | tcp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 205.234.175.102:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.204.78:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 1.1.1.1:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 1.1.1.1:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 1.1.1.1:53 | sea1-128-116-115-3.roblox.com | udp |
| US | 1.1.1.1:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 1.1.1.1:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| HK | 43.199.8.21:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 1.1.1.1:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 1.1.1.1:53 | pulsar.roblox.com | udp |
| US | 1.1.1.1:53 | silver.roblox.com | udp |
| US | 3.129.93.122:443 | aws-us-east-2c-lms.rbx.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | silver.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| HK | 43.199.8.21:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 128.116.115.3:443 | sea1-128-116-115-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.178.1:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.187.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 142.250.178.10:443 | N/A | tcp |
Files
files/dom-0.html
| MD5 | 2f820f582a220de3906cb35f5c21e2e7 |
| SHA1 | bf1bdb159679820c9ea7ee5fd7910599da1a988b |
| SHA256 | 37ebc53a8ea803c3b769b31df84d83ce2af6fae47ecf312c9a168a28872bf3a9 |
| SHA512 | d41d431df884f299b443b313688bd981ddb7a83c500e8dc3aeed6715cce5296b633fa66d3600dfc6742f54fb938d67056a30902c0d766156e5b9e0ecd8a56170 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
android-x64-arm64-20240624-en
Max time kernel
138s
Max time network
148s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.16.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.42:443 | N/A | tcp |
| GB | 172.217.169.42:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.95:443 | static.rbxcdn.com | tcp |
| GB | 2.23.210.95:443 | static.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 92.123.142.144:443 | tr.rbxcdn.com | tcp |
| GB | 2.23.210.75:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.75:443 | images.rbxcdn.com | tcp |
| GB | 2.23.210.75:443 | images.rbxcdn.com | tcp |
| GB | 2.23.210.75:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.46:443 | clients1.google.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 1.1.1.1:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 1.1.1.1:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 1.1.1.1:53 | c0aws.rbxcdn.com | udp |
| US | 1.1.1.1:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 1.1.1.1:53 | aws-eu-west-2c-lms.rbx.com | udp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| GB | 52.84.90.102:443 | c0aws.rbxcdn.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 1.1.1.1:53 | sin4-128-116-50-3.roblox.com | udp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| GB | 13.40.89.241:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 1.1.1.1:53 | gold.roblox.com | udp |
| US | 1.1.1.1:53 | cdg1-128-116-122-3.roblox.com | udp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 216.58.204.65:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
| GB | 142.250.187.196:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
Files
files/dom-0.html
| MD5 | 5c537225f3f3bd8eef72f38bf41cd2a1 |
| SHA1 | 3a582abccf7b9a63e4ba6206de0d01c57669ef4c |
| SHA256 | 34e244429b21323c4c63ca2df8324a2f9da706330381ca4e5f38857b27ca640a |
| SHA512 | dee58e3c76e0fcc4066f28a7e720ac136200ad522a2f6502736dc057096548e9d5e251e11c75f843c11148a7fc3885ca7c124dff152a2f12c7a68bbeef9ac9eb |
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
android-33-x64-arm64-20240624-en
Max time kernel
140s
Max time network
153s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 216.58.201.100:443 | N/A | udp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 92.123.128.148:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| GB | 216.58.204.78:443 | N/A | tcp |
| GB | 216.58.204.78:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| GB | 2.23.210.95:443 | static.rbxcdn.com | tcp |
| GB | 2.23.210.95:443 | static.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| GB | 216.58.204.78:443 | N/A | udp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | udp |
| GB | 92.123.142.144:443 | tr.rbxcdn.com | tcp |
| GB | 2.23.210.103:443 | images.rbxcdn.com | tcp |
| GB | 2.23.210.103:443 | N/A | tcp |
| GB | 2.23.210.103:443 | N/A | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | N/A | tcp |
| GB | 216.137.44.38:443 | N/A | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 92.123.142.144:443 | N/A | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.8:443 | N/A | tcp |
| GB | 142.250.178.2:443 | N/A | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | N/A | tcp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 54.241.62.188:443 | aws-us-west-1a-lms.rbx.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 92.123.142.235:443 | c0.rbxcdn.com | tcp |
| US | 128.116.121.3:443 | N/A | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| GB | 18.175.6.237:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| IN | 128.116.104.4:443 | N/A | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 44.231.178.77:443 | N/A | tcp |
| HK | 43.199.8.21:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 44.231.178.77:443 | aws-us-west-2a-lms.rbx.com | tcp |
| US | 128.116.121.3:443 | N/A | tcp |
| IN | 128.116.104.4:443 | N/A | tcp |
| SG | 128.116.97.3:443 | N/A | tcp |
| HK | 43.199.8.21:443 | N/A | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.58.204.74:443 | remoteprovisioning.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.187.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.187.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.187.193:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.193:443 | N/A | udp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 216.58.201.100:443 | N/A | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 34.104.35.123:80 | N/A | tcp |
| GB | 142.250.187.227:443 | N/A | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
Files
files/dom-0.html
| MD5 | 82887c158094442c9d3e60fff219a6b7 |
| SHA1 | 618847526a91477e5fa86eb259a6d40bca178dc7 |
| SHA256 | 7ece1735c96af06753071e6757e3dbe273d98e44ea5f9bfdc0b9335709e37132 |
| SHA512 | 2efd20cb311a496775aa41dfe556236e7db97543cfa48ca459306baa449cb74422323bf6927ad826b576151cb2e131eec64dd888516c951642dd4d6798be5415 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
android-x86-arm-20240624-en
Max time kernel
127s
Max time network
136s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.3:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 108.138.217.124:443 | static.rbxcdn.com | tcp |
| GB | 108.138.217.124:443 | static.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.65:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 92.123.140.19:443 | tr.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.124:443 | images.rbxcdn.com | tcp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.137.44.124:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.124:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.124:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | aws-us-east-2c-lms.rbx.com | udp |
| US | 1.1.1.1:53 | aws-us-west-2c-lms.rbx.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | pulsar.roblox.com | udp |
| US | 1.1.1.1:53 | gold.roblox.com | udp |
| US | 1.1.1.1:53 | c0ak.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 1.1.1.1:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 3.129.93.122:443 | aws-us-east-2c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 52.24.157.247:443 | aws-us-west-2c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | bom1-128-116-104-4.roblox.com | udp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| GB | 35.178.34.242:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| GB | 2.23.210.98:443 | c0ak.rbxcdn.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.187.193:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.169.65:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.200.46:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.58.201.106:443 | N/A | tcp |
Files
files/dom-0.html
| MD5 | 14e90ed2029b14805b23e89cef6d2bcf |
| SHA1 | ad4acc281d94f8cf0b25a70edfc9bb688144b815 |
| SHA256 | 46b15867739ac3605e8c2d6c02f54eec942577f856e0dcfd2bdba26761b115cd |
| SHA512 | 1e7739510018c0bceb716a011e875f1bf4e69a2d690035c5d6ebf62cfec6042eeb6d64ec2094adec2cbb0fdcedbb883b53e39ced84d8745b223f3a503f097419 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
win7-20240729-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431423643" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000000b1f35f3a27e79797eab577ee941c831314322299763bf0c8ed1301fe90b542e000000000e80000000020000200000003a80cf8a92646852ca028b921dc9ab38daaf134461057ab23ad6f75af4d4709f20000000850d3a31b3fc8ccf0e93852e553e5095e33835af0bf5a4c7a480f931cfbca94d40000000bbb93d0e9dfefc13ebf81751049c9f15d8203fca85644f2c65a56163df592ba9111c89f6b97f6fa1862c0f85001ac320d01db31db347d97dfa2ff1232f8ea58e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00b59b0309fdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2188 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2188 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2188 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 173.222.211.9:80 | r11.o.lencr.org | tcp |
| GB | 173.222.211.43:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.16:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.16:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.200.189.225:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
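The rows above are what makes this verdict readable: the lookalike host www.roblox.com.bi (registrable domain roblox.com.bi, under the .bi ccTLD) is served from 154.213.192.23 in FR, while the genuine roblox.com and its CDN rbxcdn.com resolve to 128.116.119.x, 173.222.211.x and 216.137.44.x; the remaining connections (lencr.org, pki.goog, google-analytics, microsoft.com) are certificate-validation and telemetry traffic a browser generates for any page. The Python below is an added example, not part of this report or of any sandbox tooling: it parses rows in the shape of this table, collapses each hostname to an approximate registrable domain, and flags any domain that carries a protected brand name as a label but is not one of that brand's own domains. The brand allow-list, the simplified public-suffix handling and the sample rows are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied in the shape of the report's network table
# (country, destination ip:port, domain, protocol). Not the complete table.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*([A-Z]{2})\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^\s|]+)\s*\|\s*(tcp|udp)\s*\|$"
)

# Registrable domains a brand legitimately uses. Assumed allow-list for the
# example (arkoselabs.com is included because the report shows
# roblox-api.arkoselabs.com contacted alongside roblox.com); a real tool
# would load this from an asset inventory.
BRAND_DOMAINS = {
    "roblox": {"roblox.com", "rbxcdn.com", "arkoselabs.com"},
}

# Common second-level labels under two-letter ccTLDs ("com.bi", "co.uk").
# A stand-in for the Public Suffix List, which a real tool should consult.
CC_SECOND_LEVEL = {"com", "co", "net", "org", "gov", "edu", "ac"}


def parse_rows(text):
    """Yield (country, ip, port, domain, proto) for each well-formed row."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            cc, ip, port, domain, proto = m.groups()
            yield cc, ip, int(port), domain.lower(), proto


def registrable_domain(host):
    """Approximate eTLD+1: treat 'label.cctld' as a suffix when label is common."""
    labels = host.rstrip(".").split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in CC_SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def lookalike_brand(host):
    """Return the brand a host imitates, or None if it is a brand-owned domain."""
    reg = registrable_domain(host)
    labels = host.split(".")
    for brand, allowed in BRAND_DOMAINS.items():
        if reg in allowed:
            return None
        if any(brand in label for label in labels):
            return brand
    return None


def triage(text):
    """Group connections by registrable domain and flag brand lookalikes."""
    by_domain = defaultdict(lambda: {"brand": None, "dns": 0, "peers": set()})
    for cc, ip, port, domain, proto in parse_rows(text):
        entry = by_domain[registrable_domain(domain)]
        entry["brand"] = entry["brand"] or lookalike_brand(domain)
        if proto == "udp" and port == 53:
            entry["dns"] += 1          # query to the resolver, not the target
        else:
            entry["peers"].add((ip, port, cc))
    return by_domain


def flagged(text):
    """Registrable domains that imitate a brand, with the servers they hit."""
    return {
        dom: sorted(e["peers"])
        for dom, e in triage(text).items()
        if e["brand"] is not None
    }


if __name__ == "__main__":
    for dom, peers in flagged(SAMPLE_ROWS).items():
        print(f"lookalike {dom}: {peers}")
```

The output is a review queue, not a verdict: a brand label on a vendor's domain (roblox-api under arkoselabs.com) is suppressed only because that vendor sits in the allow-list, and the suffix shortcut is what keeps www.roblox.com.bi grouped as roblox.com.bi rather than com.bi. Use the real Public Suffix List and your own allow-list before running this over anything other than a single report.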
Files
C:\Users\Admin\AppData\Local\Temp\Cab207E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2090.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2651b6ea68c0ebc482d3275254d80799 |
| SHA1 | 4708231b66c5a08e9bb08e9df66ba5fabe5d8f6c |
| SHA256 | a58e687119200d9085f32a7b7fa349db19320d4715c32e5cc7233b45d3466e5d |
| SHA512 | 607a8f26109de857a779fe7d386e2027e722f580446e93a06880a18f0adfd3bee9a3383a2f318f060e958637a8e0f987573811cbf69a2baf0f793b25d8bab486 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 8d133b635ce8e14ac52eb6b705537682 |
| SHA1 | 9f31d9f02a980d9f97196838ae3e5e8026e3b2e0 |
| SHA256 | 68b1ca7ce3fa595e9442efdc9ef74c49fe398226b8848ff6a6a76e0f052ac433 |
| SHA512 | b485d7e99b94216291cbcb7732f7e46d00b0f8e713b53af468884a059736c9d675ed7a1f6bafd83bacaf2b0adedd6e25b302d4647d050acdd7861ebbf508ae37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c84607cfbc328fd8ae4dccd6b7f9ddf |
| SHA1 | 4c8dcf8f85791b761c61213bbc6ec7d52e1be8f5 |
| SHA256 | 3e88966a9cd1ea5a63091c190f71d53438fd20ce24d33e2ad2f515e20a377cb3 |
| SHA512 | acd5a1ab499ff7c1c24cbcb41a2d6fd83186305e888fa799b93ce241f6256f7b74e8442e84f099e326504c57678cd6bbbbbf6b01f77892bfb411701121f3fab9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 59ae382c384655a5161de04139f1742d |
| SHA1 | 3ab3684a83ee89b833b12271cf6cd3998da12d58 |
| SHA256 | 623e90a022e989d5da4205e6a22728d093345a3cf6d63ecc66ab0962c072aa75 |
| SHA512 | 318e6fa2b295356a6d90ccaa0842abbc486284261a5c3f9531383868c501051e54f4849e56d6c05cfc96474f7f8e27e8fa21963f56aa489ce99e2275d9f536b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 263f9f8c189956897d9edda6b7218d0c |
| SHA1 | c81b1a8dac477a8df4af75ec1583d30e64fb3761 |
| SHA256 | f50521af8da3382445131ca029dfb0de49015f541ba38860f86ba5e4cc55fe53 |
| SHA512 | 2bfd26b4d92472ca82db0530f4150f3af5379075c0c362f01508f472e1f6d8ab4d1eb9c5a9580635be7496d9372889328c32dfadeb2eeb0d340b8cb519fa65a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | 7e647136505437fb6aedbc6b559371b0 |
| SHA1 | 0073a42e2804ef077e3c1f7f5372dbeba6565936 |
| SHA256 | 1b0c8e733cff11b8d258090dc819359494b0e2b911c465a9bda4d3eebfebbd25 |
| SHA512 | 42fdd3aac9bf3452edeadd1247d0c2417aed98454f742e890ff9c4f112845a3850d728beadb1e2109f645badd2215b6539203a7a7fb252323fbd489d9fa7907e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9195b5ee64f4f96d50ca21a92b633a08 |
| SHA1 | a698202d2e0c8ecfed00fd3ceea5bd1e70568b99 |
| SHA256 | 059211c3ea8b352772bf4a3077b9da2331ef62012d978934972a4b1211a6e2ce |
| SHA512 | 1394edac84ca5f620181f6dc1a773520251e1eaa8149396ff2fe7b2cadf8211ad34343c939f1a5fcc145cd9bdb6be5a4ceff1aa09c610a929c991b82e50424be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | ebf6d7d9e2d737547cdf76357ee78d10 |
| SHA1 | a6f35633a1914d1307c29dcc93476f40b98fcf51 |
| SHA256 | 81bb633949f21ab35ea682f16b4ac7eb202d04e9b725bcdb850f5066f509a0f5 |
| SHA512 | 91e4a0c0ab48e29c43cc8feb46e22c0cbaf6d0d293b48497c3759ae46eef480f3d26514eca10924da8748cec2640441ea05e208c6f05b77c4001f731da41410f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de9749c21da32e2d6c1ddea22c63e8b1 |
| SHA1 | d6dbb042ddd73d7c7c50abe621a4f44a458a1967 |
| SHA256 | d2599ae259050d3808ad6beb41e1ed6b306041c53b398378f9a9b71e53e97e80 |
| SHA512 | fa50a8ff1882e70eb205dcc94296a66979319f1546be1ab45735e2694be750f6e0e6ae15e8d0a9420de4c37c3ecabca53e63c0b37aa1582ccf77604984d67abc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6bd537e63423a07b610179b02a829737 |
| SHA1 | da874b9c8c9dd8e158943105db4c4aadd78b0ef5 |
| SHA256 | e0760abefb32d450433ac52b979678bc05d11bfda36cd9a0227ee92a00c0d67a |
| SHA512 | 76a7ad9b167fb4332273fef16fa6a434b12d32dc3826c67eccae20f298a65acaf6c642aebd0c953116661bde80a687371b601dd508aa7f13edae774ca3affc9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b6f9197f0c5300a95088976c8075b9f |
| SHA1 | 66a1940e065004b7eb1dcab434aee6cfdd03403d |
| SHA256 | bf557cc99a7b716199cc96541dfbae4fe69c9d286fdda96b9c60a0d90b358a34 |
| SHA512 | ec711e6e0e291e49926755b65cefcf7fe839194cc3b39960a8c4a8480109e9deebc580b3c40a5091da598917d1bacb89cdbe91445ad7941f7eac6061d73387ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ec5b26a59ef173873164f74a51f64d |
| SHA1 | f9e90a2182a2e94ff6a4d265a34f77e2514ad83e |
| SHA256 | ffbf6c2fb6e041c1917b017a14f6e6f50ceb72d4e09e2eca0e63da011484c1e1 |
| SHA512 | ae85f575ee4d73ca08aa355b09ac431a825f7e1b49569c5f5156c66205a71ef599d3e701d9d0cc78824452819d93e4d94c223da86c297b5ba16631a5a6b75c97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ddd5b50c90f5da2d394f63fd50a4b54 |
| SHA1 | c45ff8138c188ddc9f3c3748c4f0c24af6c36f95 |
| SHA256 | 81a5246972b8901b43e878088687506ae60550cdf68d4e3b39bb2052368d021e |
| SHA512 | 7849ca7fe35e01b8ad078b059748a8930286595a26c90ce350acaacfebb269ac7794310eee80c7f2d90e57287e9fb96843991b6993e098537f213b841d429cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 838a0b1ffd1f8d1cbefab478ed382303 |
| SHA1 | 800038fb19c0e5d84e00121b8c4809ab38d22909 |
| SHA256 | 1ef1a9957d3e7dbf66630bf937c8a269d1607e21990107a8f3611cec44240db0 |
| SHA512 | 911e976d29170c9b36cb2224e965c3cc29dd7accee67cd1fe4b292bbe7884b112ea3b552bfbe6073694e072dfa6e6ff01ac93aff44b50b7e8a0973ce8d59e0c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e1f1760622f41232abdeb31fcd06cea |
| SHA1 | e99d6d56e7943bdd0fd9eacb550a4641db66ef16 |
| SHA256 | 0cb08912b03ea72f35474751fc9445b57d62c7333d9d2aac0177a0fc8ea6a755 |
| SHA512 | 990308ab4e8fc370e6c35a47a308f0bbfdd55c28ee764e48d6bb1174deed7bb6bb5e458cadf37abf151fbf8cc6111ba61a6e14215914ffb2ddedb56ba5334718 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 5136c0da506ea611c3629be2b948ac1d |
| SHA1 | cb7d7e39ff124b8196c24c4ec74220eb22ade0dc |
| SHA256 | 8e14d92b2be793376ab22ed36cf243e33cde142d3eb05cd3acc1e7c787a021ed |
| SHA512 | 09cacf7c9f89e3f705135c1ba7ff964a28875cd2b70506d0220924bb4e301ab50af9a40aa609c1c917fb036c8cfc861ebb7cfcbeade57f44d5c0c89f0666c86e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 2063d45f29bfb3a48b3722a7d4d8b18d |
| SHA1 | 4bcee4a67edafd8e129fe7458a8fcf8ab4c21344 |
| SHA256 | 22b57f4e024bb7eb64799e4745bdbf34435e3c4122fc552a257b97782ec61884 |
| SHA512 | 51972f98261898485ba53c473f2479b931afbf3f1e264f8c2ad1f25feb70e6e0a40d7d22d0b1d8ee574f112e70946c850372fcd2f1a545d569e62659f0fe72c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | faa31b293176eaf8f6107424ad4329f1 |
| SHA1 | fb319dd17b48584db4902ad344d4bc2c764a9c7a |
| SHA256 | f0a5de807ad529ebfba9021d49d89f7542c754df61d4e1fb874721ead1fdb0c8 |
| SHA512 | f1218228141d5fe260d2881e7c4c18b8b0540816c2dcc469d7da59236e47856cb201f50fe805d15113e1f7f0a3d80f18540d1377c7f31c57c2d373d841a00e60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 6705e0cfc2114b79c798d997bb329810 |
| SHA1 | c9ddec21221a94beaff00e19b15e00214fef344f |
| SHA256 | 233b8b488aa8a490fb7f78678dd5548aac5d820e83b75a86d1b46edc3b1938cd |
| SHA512 | a29f6a7f6ec3fb854f63deeb73c22bedba3d218793e039db4e8776907fb856e96a72bc69a731ff72f3b22619c14599ca2f765257e65d952e19302080204ae0cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 84f391593ca2afb9f64289bbc163bf08 |
| SHA1 | 16c747afff33bcbb75cca731d21d0f7379199817 |
| SHA256 | 21dc4012844c6d4b5b3e53c24627dcd1c4724a97f59f370ee035dc5683fdcafd |
| SHA512 | ae95c84240a7d6a95d735a309d3c4717a0baecb6807e54c0fbf628aae290ebd3e2a40ed561884ed4486ba7f50d1dfaaff668c5f066d02279fb0d131c24670b72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | a9df2ecd82cc4e22a5569f3d96fbd312 |
| SHA1 | c0e6a262c7fff07f53abcf1a33aaf7a694dffbd4 |
| SHA256 | 46a276384ee24791f8bb65714bc1c47ab6a1335a9ae86322fe225fc9919757bf |
| SHA512 | b3ea5e98067d224c94c558cf19a7ec0f4fcbb3c0c2f5b70274abc47747e7026cb9eb663ad5a29321efcc761ced50e43ebe8e42770f069d22cdee8378969b6a61 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | e1e28cec752dd9c0cf8684cd1b46b1c5 |
| SHA1 | b146f6b2135d4e3360dc78a91fe92d1cf244c9c2 |
| SHA256 | 36a86a056d93cfd1dd90a825fdb30e6774f41df5764d1fe509d448f0d7b1f970 |
| SHA512 | 12ea6799a3586b65a491d3f4e3d6c323bfccb034dca535c4d672acb9d2c30de965e0fdede2c4d9c5fdab046851aa3233c41e575f9c1edfb0245955bc8927fd64 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\js[1].js
| MD5 | 3562b526a53601c20cc6bef4e568798e |
| SHA1 | 7247f345bcf675d79d291bbfa4f67f22cf7b1d01 |
| SHA256 | 01122de60f1e62d520e34ea520de99e233195b4ade1f4a28939c5f869fbde721 |
| SHA512 | d1538ed0b4c8dc0d09d6413e418917a7f007ec0552b71857f511864c8cc528a681726eb7a0cee1fc083f63834a0398ba1f375db5ddc5076a1d5bb3cbe8806cbd |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | f141d6e515728771b43a715ca010d093 |
| SHA1 | a0651e19a34dd19ac3692c3f362169d9ac750ce8 |
| SHA256 | d416e9cba565624b7373f2ac779621f4f3a5cb6c85f21143cc2f1c5970c022a1 |
| SHA512 | 360f9b84114731b69f8da512962b69079c6e4b70fc3d50f5eb0a427f670bf9d4b337830f38cff355e09caf0a51a7f3f64155ed0f7bd94ac9a232065f0dad4678 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | e507fdfd3962b34926cb36351a5f2826 |
| SHA1 | 023c2b8be45c90370a3e796c9b678c0e50a86c0e |
| SHA256 | f88ffdc2757cae19418576f1f157714b5b154807ce8c58ce0d5f04bb89865f0e |
| SHA512 | fc55fdc84c3149e886b7af1a420b6305b488b6c194a5da7e282c30b9b841f1e7124acc718b62ad9bb3babd58a363b63f16bf01659567d85d585334652f590642 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | 9a455c7dbe8ed264df0cec8d54929d33 |
| SHA1 | a1d0aaa345d19ca633d682cb17aaccc9c334f513 |
| SHA256 | bfffe952b606fdbb25e9a68cc1df611f4d84ef3a4ca012b822c9814e8078d418 |
| SHA512 | 5c92e840f9e746fb556a231ef6153a1b2617fe6ca6ea1b83fec99e8cef032aa7b3297cd7dff5c549765855461e863e69b9b15a60acab2bdd7e7bbab180175ca8 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | d5bcc57fc0f9f8bbc19f0acae5deb0fd |
| SHA1 | ded7e49945dd708c2dc3faab392f031f133e94ee |
| SHA256 | 4f3ff70c2ecf7585eb93bea8f7b68ec2e1cc6bbd8b5704eb97cff50a7e3a3571 |
| SHA512 | 7c6ab2821323c6823f8003da84bcd5f14abaca9fd2c521e063992a1fa37979434932478be20474f92778748fb30685574a969a3d6e47adb755f6b0115b7b3047 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | d6f576c1ce2c16f4bac98e472e183083 |
| SHA1 | 70cbe77d010fa277f61fd4552964c827ddb19cf8 |
| SHA256 | 908694369247b4e8e9883bdee3f6d1527dd2824b802df5fdc8e00b7c089a2c41 |
| SHA512 | bbb022e545276270ab17fb98cb8a60eeaa6a03a9f06ee14d067aaec88bba8f4c034eb70faf37f66caf387d18b03f882bb1b38f372ac34f7f9555c05e242cdaf9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
| MD5 | 395aea3012363283d56eec44dc9cbec2 |
| SHA1 | b77c36151bce95ccb71efdf726d93978f46ce3d4 |
| SHA256 | 0b0e415e1a5beee1538f10dbfc8d9b71468c85bc40cb61dc6c3dafda40004e46 |
| SHA512 | 117448424f0248b4fb8598b019b138e16600d9348ec8d738571531db0717cece73849a8063000a1af21dc7d47fa0020cf6861bf0e9229c34e344329bee129638 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c35314dd406f1d2f56a63aa022a6fbbe |
| SHA1 | 03028b67e2dac6d04a1616e85cfc020b465f0cd7 |
| SHA256 | 9b0e18db5e4a701e84ce87c965a856d2ee007a9c0ca5e76c10a893b30d978cff |
| SHA512 | f9e722eaf2047e28e5c73053bfafd80baf1944859eaff0dcd98f9cb1e1978aad3da75938294039e2c9e0f24431277da773c84d3ff367235348ac590dd20c242c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35d62b55a14788d9b49236a738530dfa |
| SHA1 | 9c1586cf6d4b3fc0212489b7b7236a790e5424e6 |
| SHA256 | 9cb47f3cbdca64c43f0bd2eb34e1d1b0abb1df78c2abdedc82081faabe812c7d |
| SHA512 | 01a578a3e4f27fc4ecb8e4e9fcaec9a50d6e39d4b75fbd03264bb0894d30c2ef52dcbad86bf657108a3e0f577fc2ecaadd1134971bfc511bcda24c78fb532825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b696ef021f3cba880937aa7991475cb |
| SHA1 | 7fff2080ca2c8a222e7a8c0908d42f8b9656d799 |
| SHA256 | eab3388923015839c347174cbb53eb53d8a628bdd68cf8a4ff53789b87df4afe |
| SHA512 | b787662881dd0cdafcc14e3ed850885e1c02ea3ac4714510772d8aad941d720d341a5bcbf8719d6015b16113305122739a51cec0cb7cfdbd80f88ebe220538c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9dd1c6d4c9365fa4e2c50f31cb96d57 |
| SHA1 | a16d1829713c8e242d1eff046596a03868c3ee80 |
| SHA256 | e4d8da0a46b2102ef5d6db111998ea2914ff135fa2ff106b20ea3eeb12686f85 |
| SHA512 | 8c5ac0b97834446b85fa49fbb5aec56444b95b220c4bf203e437769cc40215d406c4e2b2f5500d7c8d5e091a67db6d0b8efd2c7cf6a4278ad9486a3a5ff1ee50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 221d6eae30c8d5be0a28295c871438a7 |
| SHA1 | 12f014e40012c6f9193d967942b891a393ca5940 |
| SHA256 | 7abe8eec89ce3c3b551dd487129786a15196eb1b20494d11fd39387ab5b8a594 |
| SHA512 | 0cf830d5f0361a21d2229e82752b656365c164862374e26363cb753e42005b481abc96a1c1d61e1942f321d4f9d54d743b2bccc354c3bc48929bbe96927e8932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc2bd5cd9cda8101b1c0339b01fc098a |
| SHA1 | 170b04558ee1d7a2277a54c8f638cdf5428d89e1 |
| SHA256 | acc9080a30142e31ae981fd49020e4263b8bda7f7598613f6bed2c0ad7dc4a50 |
| SHA512 | 13269fffe9c489c67e84437eeeae46e96c3757594c7db36b8fe71be315da5f46a3ffa9753ac7b5f0bb383967b24ddaf0dd70b511e73dbdd5e9b463fa395c58e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6c065c5ba9d1082faef1dd0ca4f45e2 |
| SHA1 | e1befd69ee5c64f05ea0f0c06827658bce2c232e |
| SHA256 | c35d3d6a0352be3c835a67ce03d3ee326ece021357f1229b77a26e1c4b50f5fc |
| SHA512 | 62da8175be35402ed9bc11470b856679b65d0d3ee5b5c481b485fbffb96749662761b80b3664d5db61ce3c173629111d0253e2a3fe3c6a51a387500d7fb67588 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ee469bbe384c36078b923084f09df0c |
| SHA1 | 24e8a3fa4a4400b381ff9c9bd6d302dadd0df0c2 |
| SHA256 | d69190fc9bd57ad11c1e313b62dbb49944cff15f3cdaa2b3807af7f622a3f040 |
| SHA512 | 0eb00603e3e604fa10731285e03dc9034aae77e6ce456522c14cc6baf2cc7441f5ca332fa508963bb125544ac9ab851a3c2a6c1d18e950424c42de1603f6c9b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c767dce0755045d9ee7fa574b93b7a4a |
| SHA1 | 9be2ebccd80bc1f613a2d695ff1bbaed9b2d87e7 |
| SHA256 | 2b7f02132287a33422f0802854c38ff74a9b05bd8d9024f005fe3a07313a303a |
| SHA512 | b38b0b66986ee13adf734e9adef9cfa85b8bf44a7f7f9fb2da6fcd48b2b3ea0602281045b97d38e4794ef18f6af2d202dd45fb15271bb7163b8d49b0f206b1d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff3253b96bf1275c06e9fd044e274c35 |
| SHA1 | 9c5b0d69c098cef8108f3f292ddc6995137a1e44 |
| SHA256 | 0b827de6babb2b353846e0120f7df2f4b0f54fe4681a117676eed65cbadbb3d3 |
| SHA512 | 240f47f9b0aaa5f1dc4471db39069e19ec61dfde66ed916bea526f6d66826195cc91a50e4345ee6d91ceb27b8fa5925e8c01b11baefd5e4f0d59b32791c04fd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 14c5ab03f6713d90d5163b9b5f030b83 |
| SHA1 | 56c47d91c4130f888f3021f20099ce6a3ff8bb5a |
| SHA256 | e74498802267d1acb4cdccfcc9a5bb90e2d5e1f2a396d1bb1ae24c4f441ace70 |
| SHA512 | 3418ee21da6a61147f481abe7bf15e28991cc11ec46b903bb60f808a56a04e0c3ef85ec1ad6fd6f4af411f3100b3d3e579b251b9e58f0581a8c658c030da944f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4732777e95ef0a068b72b91f4a4cd216 |
| SHA1 | 8e8ccef81a9daa14ff01bf7cbf596b748c024aad |
| SHA256 | 0178857070807b6518392b4b33a05a9b2c0c387f183a66c5cb9df905591fec34 |
| SHA512 | fb8370aedfbe48c9552bab589dd39af6668ca99e740c57a43e622b03f89ce52a3e1341bcb106a0c23ad9e37e5a8747aa7d76199e408341e3924dfe376e5c785a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cd313b9c76e8e8aad42b49524b74fb8 |
| SHA1 | f0bc6ab6cd3e1baea9c89c83ab9ee50e8a3dc71a |
| SHA256 | 68bfac44edfe46a0507b5c7c24a66e14ef7d663406899a68139a5b115aea1281 |
| SHA512 | 8bd0f7fbc1ac691050521612daf1fa40e6289f8a8415763c9dd8d3d471edf2ebb47be81993e797619cdfa1307a0beb17ef0e8cbd331f2eb13badb279257a05a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 916afd99acd946f1c9cb01b9e3bb2044 |
| SHA1 | 968a29a7cf4960f93376c386ffbee94a57a1d366 |
| SHA256 | 980d6007b459a8553895af50b4171c3ed50d7149b37e377bda52d199c72594cb |
| SHA512 | 2148dc95bc8e95bcadfc35dd2d299da12558318e6324ff454ad7c93884c5e946479876872a30917699f5aabf56d75d5daea64fb818fbd994498dcc17ad946905 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21f5a9f2d5f70d0ef895763b6172130b |
| SHA1 | bf14826f54a4aaff7deb2e8714341bb8091f453b |
| SHA256 | e6676b4441e56d007ab203a5f103ad0d1399d7865c382b75c40c6f3bf47728cb |
| SHA512 | 2e5065cd0bee15302b22cce40637141fdcb75edec4b62ddb0e11619def45e16cdeaa789063aa52ef431bc6a2374e24ae7fefbf8d774c11189ea031619b786d18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b15e23c2fe624e588b6426ad62fb5dd5 |
| SHA1 | a8a0ba1dcf6bea90e1c5d1d280462dcde231767a |
| SHA256 | 18cc004430c0dda33a1f1b2b70099ce30ab80c64e8955dbb077c0a236671997b |
| SHA512 | 7a99c10f908fd9dd4bd80a682ee9fcf855c9e436edae2357f7633ca9cbbcb23085eb9f42247f1340765c07644a63e54b971f9ea0d16d14557fbfcadc5eb2f5a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | dd1085eba01975e2812b14e39f7bf4bf |
| SHA1 | 833b6b5acd14ee8348c62f069783536944ae6171 |
| SHA256 | 347a3329ced87d5da14dd4dfea40105287b4060930528943ff8991cb123f02ae |
| SHA512 | 05bf675541ea02305e303d939efd057415735983f9a5b01d8c315d4f12ce82b5579524840a2cac4d395486cd88458483bf356c829d4e474565a57945ed0e7621 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cde6da0cf2c09f19a22af4db9e75324 |
| SHA1 | d8922238b5b2c8bd2355725dbc934ba48e205316 |
| SHA256 | 98e42f854d14b6471eb3a9d178602943be393defa93fd4ef5987a070692cd826 |
| SHA512 | 353648abdc75f28db55ca19ab2c42a772b0d711ab39b3521b104655f7ab9c86644033665524ba59b835f7e15f371fe6b3302698a3eafd3102c496a846730b7a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0c7bca59378b6f8c43d9bbcd19bdb57 |
| SHA1 | 38162ed5fc9487621c0d6bf7e631e555fdf7291e |
| SHA256 | 3737b7811f5f9aac90034b45bb6f35120dd7e35e1f57191e4909536bb1b73e5d |
| SHA512 | 6709e0871e77167964c7a5d12d1196fe5f5b54d94e47d70b51bfa20dbeb5a126de7e9053a57a36ba68ca75c2c79632e4e1200f87b2eac104a89aa8ff310ee43d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe3ca4c491811cd438db272c52dc86c4 |
| SHA1 | 9490d898088551ffb0cbf85c1bd75ec3cc992dda |
| SHA256 | 5ec34986ac0293bbcba06c8d5ee4c75df6dcfad3a7876469342a1079870aa58e |
| SHA512 | e54b2dd6b0a3223b6d3135a617e5da1d9726fd650d332bebdaa5c2eda37574fd2fb32ece96d6295249fd058f3b63fa91ffcb14fc83e316e2805edefa6ffc4456 |
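Every entry in this list is a browser or CryptoAPI cache artifact written while the page rendered, not a payload. The CryptnetUrlCache paths hold the CRL, OCSP and issuer-certificate responses fetched during certificate validation (the lencr.org and pki.goog connections above), Cab*.tmp and Tar*.tmp in %TEMP% are typically CryptoAPI unpacking a downloaded CAB, and the Content.IE5, DOMStore and imagestore entries are the cached scripts, web storage and favicon of the lookalike site; only that last group is worth keeping as indicators. The Python below is an added example, not part of this report: it parses the path-plus-digest layout of this section, checks digest lengths, classifies each path by the cache it belongs to, and returns SHA-256 values only for the non-noise categories. The sample is a handful of entries copied from this list; the category rules are assumptions written for the example.

```python
import re

# Constructed sample in the shape of the report's Files section: a path line
# followed by a two-column table of digests. Entries copied from the report.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Temp\Cab207E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2651b6ea68c0ebc482d3275254d80799 |
| SHA256 | a58e687119200d9085f32a7b7fa349db19320d4715c32e5cc7233b45d3466e5d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\4EPE6DQ6\www.roblox.com[1].xml
| MD5 | e1e28cec752dd9c0cf8684cd1b46b1c5 |
| SHA256 | 36a86a056d93cfd1dd90a825fdb30e6774f41df5764d1fe509d448f0d7b1f970 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
| MD5 | 395aea3012363283d56eec44dc9cbec2 |
| SHA256 | 0b0e415e1a5beee1538f10dbfc8d9b71468c85bc40cb61dc6c3dafda40004e46 |
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DIGEST_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Categories treated as validation noise rather than indicators. Assumed
# rules for the example; tune them to the browser and OS in your sandbox.
NOISE = {"cryptoapi_url_cache", "cryptoapi_temp"}


def classify(path):
    """Map a dropped-file path to the cache it belongs to."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi_url_cache"       # CRL/OCSP/AIA fetch cache
    if "\\temp\\" in p and name.endswith(".tmp") and name[:3] in ("cab", "tar"):
        return "cryptoapi_temp"            # CAB extraction scratch files
    if "\\content.ie5\\" in p:
        return "wininet_cache"             # cached page resources
    if "\\domstore\\" in p:
        return "domstore"                  # IE/EdgeHTML web storage
    if "\\imagestore\\" in p:
        return "imagestore"                # favicon cache
    return "other"


def parse_files(text):
    """Return [{path, digests, category}] from the path-plus-digest layout."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            entries.append({"path": line, "digests": {}, "category": classify(line)})
            continue
        m = DIGEST_RE.match(line)
        if m and entries:
            algo, hexval = m.group(1), m.group(2).lower()
            if len(hexval) != DIGEST_LEN[algo]:
                raise ValueError(f"bad {algo} length for {entries[-1]['path']}")
            entries[-1]["digests"][algo] = hexval
    return entries


def ioc_candidates(text):
    """(file name, category, sha256) for non-noise entries, deduplicated by hash."""
    seen, out = set(), []
    for e in parse_files(text):
        sha = e["digests"].get("SHA256")
        if e["category"] in NOISE or sha is None or sha in seen:
            continue
        seen.add(sha)
        out.append((e["path"].rsplit("\\", 1)[-1], e["category"], sha))
    return out


if __name__ == "__main__":
    for name, category, sha in ioc_candidates(SAMPLE_FILES):
        print(f"{category:14} {sha}  {name}")
```

Keep the noise categories in your own tooling even though they are dropped here: the CryptnetUrlCache entries prove which CAs were consulted, which is how you tie the lencr.org and pki.goog connections in the network table to the certificate chain the lookalike site presented.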
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
win10-20240404-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Zira Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\tn1033.bin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "431423887" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "40A;C0A" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Near" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2016.0129" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Adult" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "436;41c;401;801;c01;1001;1401;1801;1c01;2001;2401;2801;2c01;3001;3401;3801;3c01;4001;42b;42c;82c;42d;423;402;455;403;c04;1004;1404;41a;405;406;465;413;813;809;c09;1009;1409;1809;1c09;2009;2409;2809;2c09;3009;3409;425;438;429;40b;80c;c0c;100c;140c;180c;456;437;807;c07;1007;1407;408;447;40d;439;40e;40f;421;410;810;44b;457;412;812;440;426;427;827;42f;43e;83e;44e;450;414;814;415;416;816;446;418;419;44f;c1a;81a;41b;424;80a;100a;140a;180a;1c0a;200a;240a;280a;2c0a;300a;340a;380a;3c0a;400a;440a;480a;4c0a;500a;430;441;41d;81d;45a;449;444;44a;41e;41f;422;420;820;443;843;42a;540a" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Traditional Chinese Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "105" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "404" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "16000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft Mark Mobile" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{37A9D401-0BF5-4366-9530-C75C6DC23EC9}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "L1033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com.bi\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Windows\system32\LaunchWinApp.exe | "C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile" |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca |
| C:\Windows\system32\browser_broker.exe | C:\Windows\system32\browser_broker.exe -Embedding |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
| C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 173.222.211.43:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.113.220.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 128.116.21.3:443 | roblox.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | 43.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| US | 8.8.8.8:53 | gold.roblox.com | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| GB | 173.222.211.41:443 | c0.rbxcdn.com | tcp |
| GB | 173.222.211.41:443 | c0.rbxcdn.com | tcp |
| US | 52.33.128.7:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 52.33.128.7:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| GB | 18.169.126.21:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| GB | 18.169.126.21:443 | aws-eu-west-2b-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.126.169.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.128.33.52.in-addr.arpa | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.67.204.143.in-addr.arpa | udp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.142.33:443 | www.bing.com | tcp |
| GB | 92.123.142.33:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 225.189.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
Files
memory/828-16-0x000002565E320000-0x000002565E330000-memory.dmp
memory/828-0-0x000002565E220000-0x000002565E230000-memory.dmp
memory/828-35-0x00000256624E0000-0x00000256624E2000-memory.dmp
memory/60-42-0x000001F8E3B40000-0x000001F8E3C40000-memory.dmp
memory/60-44-0x000001F8E3B40000-0x000001F8E3C40000-memory.dmp
memory/512-64-0x000001824A080000-0x000001824A180000-memory.dmp
memory/512-260-0x000001825D410000-0x000001825D412000-memory.dmp
memory/512-262-0x000001825D430000-0x000001825D432000-memory.dmp
memory/512-264-0x000001825D4F0000-0x000001825D4F2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O23J5VA8\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
memory/512-361-0x000001825DAF0000-0x000001825DAF2000-memory.dmp
memory/512-358-0x000001825DAB0000-0x000001825DAB2000-memory.dmp
memory/512-356-0x000001825D6F0000-0x000001825D6F2000-memory.dmp
memory/512-354-0x000001825CF10000-0x000001825CF12000-memory.dmp
memory/512-381-0x000001825DD70000-0x000001825DD72000-memory.dmp
memory/512-448-0x000001825DDA0000-0x000001825DDC0000-memory.dmp
memory/512-446-0x000001825DD80000-0x000001825DDA0000-memory.dmp
memory/512-466-0x000001825F330000-0x000001825F332000-memory.dmp
memory/512-486-0x000001825DD80000-0x000001825DDA0000-memory.dmp
memory/512-494-0x000001825FEA0000-0x000001825FEC0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T19IQHVE\www.roblox.com[1].xml
| MD5 | 88726c9943edc4b15cca9abb76051816 |
| SHA1 | a649d243cc8670c295c1024eaf3351f6d128d1ae |
| SHA256 | f8e8936b5af065eeec512395cb573aa9759da57d69116b0683a5e2e8b81bb717 |
| SHA512 | afbfbe87ac22f8e88bf5a1ac4696e5484ff14baee80cb246f4d8ad566a251c814884ffb21c7e557c5a2198b674585b12c7cfc12dd84dfa0f9035bb261e9979c4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T19IQHVE\www.roblox.com[1].xml
| MD5 | 6a9f17800398fe67c6310995e19c1417 |
| SHA1 | 6a89eba23c56057d7966532c941d977b2098f947 |
| SHA256 | ed3b551c75b996d9e4837719130b93ba8f2859535b7d5bb51463b54f7399b185 |
| SHA512 | c84d6221c6e123c9c7e8f2ed25c6f557ddb9f98037a8406ca077f34ef6d044c3b278526000e753a5a15eda46b35b9ff23a71c44cbff9ba0ea62eeef104b25bb3 |
memory/512-637-0x00000182609B0000-0x00000182609B2000-memory.dmp
memory/512-658-0x0000018260D20000-0x0000018260D22000-memory.dmp
memory/512-654-0x0000018260D10000-0x0000018260D12000-memory.dmp
memory/512-650-0x00000182609F0000-0x00000182609F2000-memory.dmp
memory/512-644-0x00000182609D0000-0x00000182609D2000-memory.dmp
memory/512-737-0x000001825A1A0000-0x000001825A1B0000-memory.dmp
memory/512-736-0x000001825A1A0000-0x000001825A1B0000-memory.dmp
memory/512-749-0x000001825A1A0000-0x000001825A1B0000-memory.dmp
memory/512-747-0x000001825A1A0000-0x000001825A1B0000-memory.dmp
memory/512-746-0x000001825A1A0000-0x000001825A1B0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T19IQHVE\www.roblox.com[1].xml
| MD5 | 4b94b274b0799b04e58c085b68c5d036 |
| SHA1 | 16e3a60e723c5ff526439ef3b0320a62a178033e |
| SHA256 | 6099ac1ff3fa4bd600ea450ef60e5596aa3bc1bacb12a19ba194b83b0a9b040f |
| SHA512 | 9b15cd9d354257aeff0d5ac9988ebc40d2fc0b4a5a51012a15404e240ada0f19d35d145592eb15873db98173b944ef80977df143eaf16a84964252df9b58ab59 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DA1010HA\funcaptcha_api[1].js
| MD5 | 759ab24cf5846f06c5cdb324ee4887ea |
| SHA1 | 41969c5b737bc40bbb54817da755e3aa7d02f3c6 |
| SHA256 | 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471 |
| SHA512 | 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EFIL538M\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\T19IQHVE\www.roblox.com[1].xml
| MD5 | e655d9dee3888e3ebb088d3456aedafb |
| SHA1 | e9e1a1abb8cb0ab28015e21bb910fe0a5b9ddc09 |
| SHA256 | 276713cb420b7732a313ea7da6307cb31adbc563600753b70f9b7808d522e8c8 |
| SHA512 | f73b2a95a83989bbc7373f6c3ac8b14d4dc4998e00fb014c46659a6ae4d7ba1292e70ab4245660c2f1476e08bf1031398506d2ed654e8188fa65030008517051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\A2RQPS9P\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9afe246f8,0x7ff9afe24708,0x7ff9afe24718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8971868486019618746,8940409739347663091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
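Every entry in the list above is either the Edge launcher, one of its Chromium helper processes (`--type=crashpad-handler`, `gpu-process`, `utility`, `renderer`) or a COM server started with `-Embedding`. The signatures reported for this run (WriteProcessMemory, EnumeratesProcesses, NtCreateUserProcessBlockNonMicrosoftBinary) are consistent with a Chromium-based browser setting up its own child processes, so the detail worth pulling out is which services run with `--service-sandbox-type=none`, whether any image lives outside the browser or system directories, and which URL was handed to the browser. The script below, an added example that is not part of the original report or of any sandbox vendor's tooling, extracts exactly those facts. The command lines are copied from the list above with the long `--field-trial-handle` and `--gpu-preferences` values trimmed, and the set of directories treated as expected locations is an assumption.

```python
"""Flag-level triage of a Chromium process list from a sandbox report.

Added example, not part of the original report. EXPECTED_DIRS and the
trimmed SAMPLE_CMDLINES are assumptions/constructed input for illustration.
"""

import re

# Assumption: where the launched browser and OS helpers are expected to live.
EXPECTED_DIRS = (
    "c:\\program files (x86)\\microsoft\\edge\\",
    "c:\\windows\\system32\\",
)

# Constructed input: command lines from the behavioral3 process list, with
# the long field-trial and gpu-preferences values removed.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2004 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility /prefetch:8',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none /prefetch:8',
]

# First token: either a quoted path or a bare path up to the first space.
IMAGE_RE = re.compile(r'^(?:"([^"]+)"|(\S+))')
# Unquoted --name or --name=value switches (quoted switches are skipped).
FLAG_RE = re.compile(r'(?<!\S)--([\w-]+)(?:=(\S+))?')
URL_RE = re.compile(r'--single-argument\s+(\S+)')


def parse_cmdline(cmd: str) -> dict:
    """Extract the image path and the Chromium switches that matter for triage."""
    image = next(g for g in IMAGE_RE.match(cmd).groups() if g)
    flags = dict(FLAG_RE.findall(cmd))  # value is "" for switches without '='
    url = URL_RE.search(cmd)
    return {
        "image": image,
        "type": flags.get("type", "(main)"),
        "service": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
        "url": url.group(1) if url else None,
        "in_expected_dir": image.lower().startswith(EXPECTED_DIRS),
    }


def summarize(cmdlines) -> dict:
    """Count process types and list the items an analyst actually checks."""
    procs = [parse_cmdline(c) for c in cmdlines]
    by_type = {}
    for p in procs:
        by_type[p["type"]] = by_type.get(p["type"], 0) + 1
    return {
        "by_type": by_type,
        "urls": [p["url"] for p in procs if p["url"]],
        # Services that opted out of the Chromium sandbox.
        "unsandboxed_services": [
            (p["service"], p["image"].rsplit("\\", 1)[-1])
            for p in procs if p["sandbox"] == "none"
        ],
        # Anything not under the browser install or System32 would need a look.
        "unexpected_images": [p["image"] for p in procs if not p["in_expected_dir"]],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CMDLINES).items():
        print(f"{key}: {value}")
```

On the list above this reports one launched URL, two services running with the sandbox disabled (the network service inside msedge.exe and the WinRT app-id service inside identity_helper.exe, both standard for this Edge build) and no image outside the expected directories.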
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.16:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.16:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.155.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.39.156.108.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.44:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 32.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-us-west-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1a-lms.rbx.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 52.21.2.64:443 | aws-us-east-1c-lms.rbx.com | tcp |
| GB | 173.222.211.11:443 | c0ak.rbxcdn.com | tcp |
| HK | 43.199.8.21:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| DE | 3.64.30.211:443 | aws-eu-central-1b-lms.rbx.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 44.224.16.163:443 | aws-us-west-2a-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 54.241.161.217:443 | aws-us-west-1a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| HK | 43.199.8.21:443 | aws-ap-east-1a-lms.rbx.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.2.21.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.30.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.161.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.16.224.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.8.199.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.211.222.173.in-addr.arpa | udp |
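The table above mixes three kinds of traffic: the submitted host `www.roblox.com.bi` (resolved, then reached over TLS at 154.213.192.23), the genuine Roblox infrastructure that a cloned profile page pulls in (rbxcdn.com, roblox.com, rbx.com, the Arkose Labs captcha), and sandbox background noise (reverse-DNS lookups, Let's Encrypt OCSP at lencr.org, Google ad endpoints). The registrable domain of the submitted host is `roblox.com.bi`, because `com.bi` is a public suffix, so a substring match on "roblox.com" would wrongly treat it as Roblox-owned. The script below, an added example that is not part of the original report or of any vendor tooling, does the split with a registrable-domain check; the public-suffix subset, the Roblox-owned list and the background list are assumptions chosen from the hostnames visible in the table, and the sample rows are copied from it.

```python
"""Triage a sandbox 'Network' table: lookalike domain vs. legitimate infrastructure.

Added example, not part of the original report. PUBLIC_SUFFIXES, ROBLOX_OWNED
and BACKGROUND are assumptions; a production version should load the full
Public Suffix List instead of the subset below.
"""

# Assumption: tiny Public Suffix List subset. "com.bi" is the entry that makes
# "roblox.com.bi" a registrable domain unrelated to "roblox.com".
PUBLIC_SUFFIXES = {"com", "net", "org", "google", "arpa", "bi", "com.bi"}

# Assumption: registrable domains a genuine Roblox page is expected to contact.
ROBLOX_OWNED = {"roblox.com", "rbxcdn.com", "rbx.com", "arkoselabs.com"}

# Assumption: sandbox, OS, certificate-status and ad-network background traffic.
BACKGROUND = {"microsoft.com", "bing.com", "lencr.org", "doubleclick.net",
              "google-analytics.com", "adtrafficquality.google",
              "googlesyndication.com", "in-addr.arpa"}

BRANDS = {"roblox.com"}  # the brand the submitted page claims to be

# Constructed input: rows copied from the table above.
SAMPLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| GB | 216.137.44.28:443 | css.rbxcdn.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| US | 52.21.2.64:443 | aws-us-east-1c-lms.rbx.com | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""


def registrable_domain(host: str) -> str:
    """eTLD+1 of host, trying the longest candidate public suffix first."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()


def impersonates(host: str, brands=BRANDS) -> bool:
    """True when the registrable domain is not the brand's but carries its name."""
    reg = registrable_domain(host)
    return any(reg != b and b.split(".")[0] in reg for b in brands)


def classify(domain: str) -> str:
    if not domain:
        return "no-domain"  # e.g. the mDNS row, which has no hostname
    reg = registrable_domain(domain)
    if reg in ROBLOX_OWNED:
        return "roblox-owned"
    if reg in BACKGROUND:
        return "background"
    return "unexplained"


def parse_row(line: str):
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    return dict(zip(("country", "dest", "domain", "proto"), cells))


def triage(table: str) -> dict:
    """Group rows into DNS lookups, lookalike names and per-category connections."""
    result = {"lookups": set(), "lookalike": set()}
    for line in table.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        if row["domain"] and impersonates(row["domain"]):
            result["lookalike"].add(row["domain"])
        if row["dest"].startswith("8.8.8.8:53"):
            result["lookups"].add(row["domain"])  # resolver query, not the target
            continue
        category = classify(row["domain"])
        result.setdefault(category, set()).add((row["domain"], row["dest"]))
    return result


def unexplained_hosts(table: str) -> list:
    """(domain, destination) pairs not explained by the allowlists."""
    return sorted(triage(table).get("unexplained", set()))


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {sorted(value)}")
```

Run against the rows above, the only unexplained connection is `www.roblox.com.bi` to 154.213.192.23:443, and that hostname is also the only one flagged as a lookalike; everything else resolves to Roblox-owned or background infrastructure. The `impersonates` check is deliberately crude (brand label anywhere in the registrable domain) and is meant as a triage hint, not a verdict.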
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b9569e123772ae290f9bac07e0d31748 |
| SHA1 | 5806ed9b301d4178a959b26d7b7ccf2c0abc6741 |
| SHA256 | 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b |
| SHA512 | cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795 |
\??\pipe\LOCAL\crashpad_2044_GSOGWBPMWHCFVQZG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eeaa8087eba2f63f31e599f6a7b46ef4 |
| SHA1 | f639519deee0766a39cfe258d2ac48e3a9d5ac03 |
| SHA256 | 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9 |
| SHA512 | eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 685894065c26087a3ce20e4d1dd2937d |
| SHA1 | 1b9700e614f6f197bb9e95b574131cd827056c72 |
| SHA256 | fedbf240d5ded1731fa766b9ea1f7b218475e66bf9cd35ad684eb19c7d57a881 |
| SHA512 | 071ab1674e711fcd3fd53d124e221cd6510c0dde3420673637de4b452094c67ba558ffaf0f300af859955e9649292587e907545ff8d89d00d921768fb2a71aba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 519a83fdd0a14f697f85286f7bec5bfb |
| SHA1 | 244c9bf29fa364c5807a908ad49b65039244fdf4 |
| SHA256 | 1e95fd8e3bd5d530735986ef011a4780d3227490de9db45255f22cc06151b4ee |
| SHA512 | e980f812396d6e80c970e748b12101ecbf7ad452d59696b85ab50c72f92f003b59ef5c69649d13e86b8756e82ed1c9683281f698a27c4a913bc25c69c84f838d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eda3261f848e168fedde64607463d105 |
| SHA1 | 321e51ef2fdaace1a2c019401e46f586b0b3c746 |
| SHA256 | c9dfebb39d91d1a82a8698b30e9bffea1317b77cd09d8cb6c0e4aeefda2e2b6c |
| SHA512 | 48a8505d508efdf265c9800b85bcede09cc8c50ba715fd286c00ecfa5bd472944dcac56f28b627fb013d619cf3f71edd95f56b8492f9388cf7c2389202e446d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d6dce23f85536ef243e5082a2bd4613 |
| SHA1 | 6a98f87038447b5d584c2ce66299390840978ae9 |
| SHA256 | b0929890a97bfc90c1a752bcf77ddc64e68452120d727c9ecb2d56272e182057 |
| SHA512 | a6ca6026cb7f2ffa277eefa7f205edd13347960c1fb7bc367bcb661ae4b246b09bad5cc8403f6c836469ecec2dc8b43779c48c76edb9b1bd246a8294efd36b87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5826dc.TMP
| MD5 | 8cc0cd26390198a66fcb5f7d3f3f1b8f |
| SHA1 | 4f00f935b9ea6758189b2f6f35a40f16dc67d06f |
| SHA256 | ecfef258239e52c3de4bec46011f87860330aed92f0323c944ce4b49b4b71f12 |
| SHA512 | cf80c59b6e003e0c2f3c3b2b44c3cb960311d85c2ba700fe5527f67b611f1eedaeee6de3638b5f7e210a1cceab1d0bc606ac36956cef061e1958738ddf9f9b4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a99ac7a56774f250369d8b2abd8c9b55 |
| SHA1 | 23d398592e8f2f44f9c5326fc6db9cf45851c196 |
| SHA256 | 9f3020811aeb84cbb108022938d82996f3ed3585fbc1eda9d21c092e0c23451b |
| SHA512 | ec18e0adc197bac4f1c7e3f1ef1720b098fba3aaaae4cbae06e344eba54ef39b02b7449909ccdc68d8bcdf3738e52f7e245c2dd8117586f5778c9b93fa988e06 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c976c0c987224764ec3d6f8b6a517063 |
| SHA1 | 360cc984b086352a69b3268accef21c844d2b655 |
| SHA256 | 134373e44f47945e6b0e85df0fb9c052b62439aeb683d0f192285137e7bc122f |
| SHA512 | fe8fbc59d04f9d7b0a4fbf8009fec7f494d4109ed9300d0bafff96b57a97a044036a3d0a66135928d8e134889bd97d7ccca811c1cb7d4b9a758e9ba04f14d0f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2e7aa27240506709ae43fa62c9c4e6ed |
| SHA1 | e825af79831c358b5314db34fed09aab5ae2d391 |
| SHA256 | a044f40afe0b0a09718e12c308155c165e5ea71f2240d8bdd10ad5a387e9d0e5 |
| SHA512 | 1b84c228dce309fd35369425f28e41dd80947d314de1561f08b5d615a200a2b803c8984d57cabc47e6148b40bcf75ed0d136050dfa7f486daa5135723b3ca882 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 381ceaddc931ae8e3782fba830d4ad7f |
| SHA1 | 5bd7826701b17c08d1a8ba1e17e7696a6e42455f |
| SHA256 | a06be52d5ab0b03c28ae710477f7ccb19d7dc24aa145ba5f4fb5fc1fcae9b6bb |
| SHA512 | 90de09ba0a3fa81ef2cf501af5c6a89ca55582ca9a8ef68d127d5713843beef135dacbe0d40c16e13b2709dc6c39650102bdfba3b2c2b084ae2d1b2833614f78 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-02 07:22
Reported
2024-09-02 07:25
Platform
macos-20240711.1-en
Max time kernel
147s
Max time network
152s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]
/usr/libexec/pkreporter
[/usr/libexec/pkreporter]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=… --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=29]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=286007738 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=59]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=286051194 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=59]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=290015329 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=290462064 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=290511325 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=73]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=290957642 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=73]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=92]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=97]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=77]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=108]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=107]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=304804197 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=116]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=59]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=322527700 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=116]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,5736152652823738570,758279817580770271,131072 --seatbelt-client=116]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 44.courier-push-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 172.217.16.234:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 172.217.16.234:443 | optimizationguide-pa.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.16:443 | N/A | tcp |
| GB | 173.222.211.16:443 | N/A | tcp |
| GB | 173.222.211.16:443 | static.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.103:443 | N/A | tcp |
| GB | 18.245.253.103:443 | N/A | tcp |
| GB | 18.245.253.103:443 | N/A | tcp |
| GB | 18.245.253.103:443 | N/A | tcp |
| GB | 18.245.253.103:443 | N/A | tcp |
| GB | 18.244.155.96:443 | N/A | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 18.244.155.96:443 | N/A | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| GB | 216.137.44.8:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.8:443 | N/A | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 128.116.119.3:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | css.rbxcdn.com | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 216.137.44.2:443 | N/A | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 142.250.187.194:443 | N/A | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | N/A | tcp |
| US | 3.137.17.126:443 | aws-us-east-2c-lms.rbx.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| GB | 52.84.90.11:443 | c0.rbxcdn.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.63.3:443 | N/A | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.115.3:443 | N/A | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 34.234.9.163:443 | aws-us-east-1a-lms.rbx.com | tcp |
| JP | 52.199.30.94:443 | aws-ap-northeast-1a-lms.rbx.com | tcp |
| GB | 128.116.119.3:443 | gold.roblox.com | tcp |
| US | 128.116.115.3:443 | N/A | tcp |
| JP | 128.116.120.3:443 | N/A | tcp |
| JP | 52.199.30.94:443 | N/A | tcp |
| GB | 216.58.201.98:443 | N/A | tcp |
| GB | 216.58.201.98:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| GB | 2.22.128.162:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| NL | 23.220.113.166:443 | help.apple.com | tcp |
| NL | 23.220.113.166:443 | help.apple.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | N/A | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
Files
/tmp/com.google.Keystone/.keystone_system_install_lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 74c26e7138f5308fb9aeea12b8a9b811 |
| SHA1 | 47f22e054ee93d42ceda9b8a03b562d96ac07987 |
| SHA256 | 78e03ebd301435e9faae30005d633c7cf9e3502ab9b4a31cb88d7053bce712c0 |
| SHA512 | d793456bcd2062ee1ba3a606f34b5f6f792af60934dc68a4b72ef03a7efcbcb083915e64892577f0fb1182ef608cc5fb3e9beafd94a7162f2cb917e1122e234e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 2bd33c166be8c3008ff38413aefa7e02 |
| SHA1 | e6984e5fb8944ef049be811f5669c17ff446adc5 |
| SHA256 | 522b23a8948dc03e340318c80f5e4d593df97ead94b4c9d17c74815ec5ef4c29 |
| SHA512 | ec21d3b7461f4522829688876826937ebfe6a78d0a47b1ad6e67b2ed7c2206900dce7631881f2a945dd4f2f57551d139c0fdf2e133078ab191c72182aadfe956 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 6fb7fc3cb9566834983aef17a0ee3b68 |
| SHA1 | ddf938a0df250ad02ea1953e71acefd625534d1a |
| SHA256 | c1c7d3c30d3904b8d32831a94a7f87792eafc72bcd9869a72863b9d34e503810 |
| SHA512 | 4c0115d7f333045f881a7609b4a2d22d213099172a61555838a8c57ad0656154740606f509507438d67773d1bd29bbafc4bd10bb5895688373e7ca97b26e2ce0 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 66ec1531a670c68748afcee84ae98963 |
| SHA1 | 550e98440b42030406edbb8f6c870b5a38b082fe |
| SHA256 | a60847d92639efee0ca0d55c24a52682fa9bfdd0164d1db0110f75649e20704b |
| SHA512 | 83239e11b98bb69aefe04156bf5893f70cae4f86ac96c18700e33699e083f964fe1f8eb8ca421059251f13424ac8d28fe3bab2af6d8c8036fd40b8bffd22ab75 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 93f8f269bc0df38610d299f57d3b58a3 |
| SHA1 | 2decb31ae2d701913bbd0f273b147db4c9a49ef2 |
| SHA256 | 99ee05b387a2c3db7070e8be770da4a44b1b705e826701c6498c98abd916ea9f |
| SHA512 | 381b7f1efd24c4c45af97893484912a758f0198f77062d584dff91127dfc0e0ca4e0d387f223cd49028655a731ea966ebf6bd98d01d85101297469bf614e3037 |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 0746def38199964c8170c1d254b498b4 |
| SHA1 | c6ce25c2950ae1d8c4d96b6ba619c23241cd7a49 |
| SHA256 | 77dc5d52ca53f2ce8046c7d550b6ed39ebe0d54b9031bf53261edcf42b93e5eb |
| SHA512 | da8dfc5f5655f198995b65354317ac999912eff30d6c1cad27bea799e2c6a5023c6c1d955990c5d9611f245f9a95338e603bb1ebdb5ebd5aba6e202777979ea3 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.rJMkHx
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir0d8vm0/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir0d8vm0/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/Unconfirmed 648533.crdownload
| MD5 | f5277018f536205a16a40c80d0618f28 |
| SHA1 | 450739c2f2791c9d225f64e48dd02930df041ce9 |
| SHA256 | e397b0603c29fc351b65eb208abe92e1b5aa71ec1c4062eb40cd5998f368b371 |
| SHA512 | 486d2b537f47b970292174019ed082a41cd1784f889a4cd9c9f30f1e7459ce42c8758465268fba7773f1294f2bc4edd679bd9a50ead0218adb74940ed904619b |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/bda8c662-4dd8-4fdd-8e12-a9230e52d01c
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/6d8873c9-f6b8-46b1-bcd2-42a344a47db0/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.UPnYso/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 72326a22c279498851ae0331f64c001d |
| SHA1 | ed2e9811491e6dcb047cdc5ff8c20f75091c1f99 |
| SHA256 | 2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541 |
| SHA512 | c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8 |