Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.
Malicious Activity Summary
Drops file in Windows directory
Resource Forking
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Checks CPU information
Checks memory information
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-09-02 07:31
Signatures
Analysis: behavioral9
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:33
Platform
macos-20240711.1-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/usr/libexec/pkreporter
[/usr/libexec/pkreporter]
/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd
[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=28]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=280279736 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=62]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=280348023 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=62]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=289225564 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=71]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=290033468 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=290125103 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=290325524 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=87]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=95]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=95]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=76]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=311471402 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=331918973 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=123]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]
Network
| Country | Destination | Domain | Proto |
| GB | 184.85.51.234:443 | tcp | |
| US | 8.8.8.8:53 | 41-courier.push.apple.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 34.104.35.123:80 | tcp | |
| US | 8.8.8.8:53 | 9.courier-push-apple.com.akadns.net | udp |
| GB | 2.18.109.84:443 | tcp | |
| US | 8.8.8.8:53 | 35.courier-push-apple.com.akadns.net | udp |
| GB | 142.250.180.10:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 142.250.178.3:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:53 | 39.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 24-courier.push.apple.com | udp |
| GB | 142.250.180.10:443 | optimizationguide-pa.googleapis.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | tcp | |
| NL | 18.239.83.69:443 | tcp | |
| NL | 18.239.83.69:443 | tcp | |
| NL | 18.239.83.69:443 | tcp | |
| NL | 18.239.83.69:443 | tcp | |
| NL | 18.239.18.116:443 | tcp | |
| NL | 18.239.18.116:443 | tcp | |
| GB | 173.222.211.33:443 | tcp | |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | tcp | |
| NL | 18.239.18.116:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | tcp | |
| GB | 173.222.211.33:443 | tcp | |
| GB | 173.222.211.33:443 | tcp | |
| NL | 18.239.50.59:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 17.courier-push-apple.com.akadns.net | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| NL | 18.239.50.59:443 | udp | |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| NL | 18.239.94.64:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.64:443 | tcp | |
| NL | 18.239.94.64:443 | tcp | |
| GB | 128.116.119.4:443 | tcp | |
| NL | 18.239.94.64:443 | tcp | |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| NL | 18.239.94.64:443 | tcp | |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 52.21.2.64:443 | aws-us-east-1c-lms.rbx.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| NL | 108.156.60.108:443 | c0aws.rbxcdn.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| GB | 173.222.211.41:443 | c0ak.rbxcdn.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| DE | 54.93.128.66:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| SG | 128.116.50.3:443 | tcp | |
| GB | 142.250.178.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| IL | 34.165.122.223:443 | e2c63.gcp.gvt2.com | tcp |
Files
/tmp/com.google.Keystone/.keystone_system_install_lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | b9575b87a45979d0efd5460c4d0bc1b4 |
| SHA1 | 8cfa85c8682bfaecffdefb48b6183dceb6755e22 |
| SHA256 | d8f751f99675c4d31d552bc0aa6c2ba2765b3a41a694c3f7a9ea5925f8b29f3d |
| SHA512 | bc7aec72d2c76793b02b3d7779e71936d19385670d21c4367f8f55af8c8802fb1141a0d64a9e6ed43dbf8dc9e9bfd4dedc58b1994ea1a72a3c77aecd3198d2ee |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 5b5f9de7d783ee06a5ea6517d1c420df |
| SHA1 | 541fca27fb23de5614530320c89b52d08216d87f |
| SHA256 | 9641dad71e53886818dfd7478d2ee2c5cb913782fa0345765943c066412d5ea0 |
| SHA512 | 1881694134b63ff3b55695bce2abb657318381762f3046a533c3f3fc373d01b7538d2247422b76f208c6cd052dbcb1c8c18399543bba6973274c3325b2084b78 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | cf015591f14862dfdf3f7a98f85be565 |
| SHA1 | 881bd30ccce32da21fa719d37a2b824fd099eb7c |
| SHA256 | f15e8c85630c13c1b7a7e05926ee745eea7ee886ee0f949a2881600694fd244c |
| SHA512 | 7495a4328b56cfef4e6ae6655a0d6ffd7224d3277a01c990ce5f612991a711256b9bdf357f4f7d4a8b394de645b66b261d0f2b1690f777fbe33a561a3ee31c8d |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 4a10ea6c4b585d2f831f56bdcf3c455b |
| SHA1 | 3bcba69545ead1263a369577ea570f1f91053260 |
| SHA256 | b9b3d4eb2c016429d77374874caf5decbc1d8aed68d18b872e68d47fb301a0c0 |
| SHA512 | ee891bdd05e7aba1bf84cf2538e95f0f1a8c0a4b17453016a8460bdfb4bd30de590a7a85373617c73ddcc1801d5ca6c445a4adecb55138433327cee4a2f326e7 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 0693d8596680a66202d15bff8360a0e6 |
| SHA1 | 4494a7ba806914c041df7814cfa63be25ee2d9ea |
| SHA256 | acc612f510943c9928b073ab0f882db83085f4445605851931090ebe7cda0c4d |
| SHA512 | f6d4e41c4f92ba581f1e976fe61cb4d718755955a2a68f254197219fe63d265325dba2527a19c55f5edc35c0018f3befdac874a03357a762de8f1ef68098f2ed |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 4314e7c34f93d934740936839e8d2fee |
| SHA1 | 441705a344dc633be42d20d9e9e2fac01d9e5a62 |
| SHA256 | 2fcc0da5eef8fa3abfb01d8c0223e274bffadabd7963a049a4131f60c931bb1b |
| SHA512 | 5b71ad945b7abdf36ac02af748a674f87519e1b228fbc0a188e02c8546d62165e4fd3470f72d82dfdf93fca91f5159e9814424dc877267aa80f068ca37f2e56b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.jXfuH0
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirJgDQWP/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/ef2a1dfe-b561-4383-ad09-6d0e9f70f63e
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/11db5c02-2436-4a75-803a-0edbc7729b27/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.4sq07b/obedbbhbpmojnkanicioggnmelmoomoc_20240823.667410168.14_all_ENGB500000_bjx5pfk22zvlrg74ds2zbjubhi.crx3
| MD5 | fc8c03bc80a915b437a42a43903fc760 |
| SHA1 | a4be247fb11ef9d7ec5a52514cfe3f729fb16b4e |
| SHA256 | 146b6a960bcc2c889ba06b8fcca482c04e53e66db6913d32d482aacc1016811f |
| SHA512 | 53facf49e100ba0a423f93e81b600a68aa54af1280edb8e39bb785bc0c418f3b5ca6f8a8b313bcf652687b490ed71ef0dbb07c4794b22613aca68b2a4556d606 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.0R0r36/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 72326a22c279498851ae0331f64c001d |
| SHA1 | ed2e9811491e6dcb047cdc5ff8c20f75091c1f99 |
| SHA256 | 2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541 |
| SHA512 | c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MIqxei/lmelglejhemejginpboagddgdfbepgmp_463_all_ZZ_j2yapcm2iwsjsw3vspibzp4cee.crx3
| MD5 | b2dafe25aea793b54de2becceb187c6d |
| SHA1 | c161e609d50f79ac43b26bc3ac501c06ee1f98b7 |
| SHA256 | e063c32d4a54071d6da859af231054da97b092113b2ba9fa61ef88bc5714c71a |
| SHA512 | 9e0f302be1762e886cc3891933276269905dd539b706bfc4a77bf97251409d3c1496495936531ad6c37f4309fa5f7e68c93fe973ad5fa8b82a3b60eac7f88305 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Mdt9Fe/7_all_sslErrorAssistant.crx3
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.1eemjM/jflookgnkcckhobaglndicnbbgbonegd_3040_all_j6kvwuv5hzxeixor5sxkklnez4.crx3
| MD5 | 74380408f0ea043c6c7b97ac9317a0a7 |
| SHA1 | f54af3671a592aa5948039563e358474e50886b4 |
| SHA256 | 2615170554f3293586bc51fabc3cbf3d6058b396f1bb0252eb4bf9c25e6481c0 |
| SHA512 | 7510500d90fc86956cfbcb1f5f207dd3ededf80ee04c2ab2f09838967d73872c51879b60edc35c7ecc8a53d49cf564e9c2fd51b263f04f846d149f3db941962c |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.gV5CnE/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.smyiV5/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
| MD5 | 667e9eec04509aa9e2b318f580addd8c |
| SHA1 | 346267ecad10c54de52a3aeb766ea72449500326 |
| SHA256 | 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f |
| SHA512 | a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.mz7GgU/hfnkpimlhhgieaddgfemjhofmfblmnib_9080_all_adyqmz5d7zknugejsqqetolhvjqq.crx3
| MD5 | a2e8576c93481396bf37747a2308fb89 |
| SHA1 | eeb4826f10a66e9c8a5a811bf488c35a3e00b0f6 |
| SHA256 | 34c9e8727957f05b0fb1d6c61bdd7cef50b2293169e6ab31e3c54d8db8f0ef6a |
| SHA512 | 202539d71cebc2bbda5142616b07564fa94231ce1f969b0ec8b914d7a91e92d0916c2044c7264739d076d936dca04f9f86f9b0c16cf37dd2e4c797fc8a943451 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ym9K0w/eeigpngbgcognadeebkilcpcaedhellh_2024.07.12.235938_all_a6r64uyugl6fjh3lupjqo6w7ai.crx3
| MD5 | 5e35055aa7583eb7c42b10833763abab |
| SHA1 | a8285a121e4cceb3cfb6b53827bd1cd3682af862 |
| SHA256 | 8814cb6cab024b119ab991ad7acd74f4df7bc68bbf86c0903c8be9852a5baa55 |
| SHA512 | 79006925696ac264d2801fd41fe632e5c2c9261a285d4e7a4368782f682cfadc6cac2b83835904a28c4734544b2b4230d720f81b7a2ee4c4782562a53858d952 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8aSq9r/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3
| MD5 | ba0c44cdcbb9f1a8b1b2cbed95346caa |
| SHA1 | c9a5e9df64b46db7bf44b091da1c5553137bff55 |
| SHA256 | 3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948 |
| SHA512 | 61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.RkZPL0/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
| MD5 | 49ead9b7d2b2ec477daba795de846db0 |
| SHA1 | 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc |
| SHA256 | 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a |
| SHA512 | 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 747aa28b0cd626aa74f13383e16c59b0 |
| SHA1 | 3f5cd2c7ad99c897cf431c25668455c6763cb03a |
| SHA256 | 06d3c57937e01b95f221e88255157da76263d3bb8c606cc1836c3697d0461e78 |
| SHA512 | 12722880a10b20b86c76f5ce5fd09043d0de8d47b37a4f694789fb20fd662379d9b8728a38741094f0a99d9f6f653daf25a6309768977eb2fe39fa8ff129dca7 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 81e74c038daac3120f8c795d461a3b09 |
| SHA1 | 0c8e95f1425c99796806bc373f28026de00b4ea0 |
| SHA256 | c90c39251b926cd310340c81e403c615bd0a8ce335a2ce1bd03db92ae1e87af3 |
| SHA512 | c30e6d3fb02184400ce687a018ff0b811285897ccb57a9c00bd694ec5e4b1e723c2388501ec5963e28ef5c94abcaf979c25b9597308c3adc91bcf692d94e5a79 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 3b02161d6040790a2fe9a816b80b736a |
| SHA1 | eaa9d64d4abce5aca8c81b7e56bc5ea174e6eaf3 |
| SHA256 | 34a2eecb9c6c696a3093b4ea13f45899dfc1f095c102dd97a6f359c505add23e |
| SHA512 | ebc4934a56d871a1797c65758064ad4c109637d6435492a9f65281d06df2e4ed7d98a92ed15dd8b3d529d5a7a223edd3e025a625eea6be0087dec07f0a044eb0 |
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.aqthFU/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8A7Did/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
| MD5 | a40c655b337e082c76b6ab04042b7ae0 |
| SHA1 | 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8 |
| SHA256 | 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff |
| SHA512 | fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.kSAefj/efniojlnjndmcbiieegkicadnoecjjef_1062_all_adeocrbltt6ccaniukpklryf3ibq.crx3
| MD5 | 58177ccd3bf9e82220c0d4677e677171 |
| SHA1 | d5d2a3cd1576b65db1984f196654252352b76223 |
| SHA256 | 22da50bca40ebd9dcf90d85dbf17a7eedfde0229b0a64e30ee55fbd960a3e47d |
| SHA512 | 4ada72196a0aee1d67523008fb1c9a8726c17a79f6df6b721c449389090f679cd1e33545a478998268ff51a0d0096ce5073151523c76fa4b9c32ce728ed73851 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Ityjfk/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
| MD5 | 91e1255f92fc76b16509bbd174a992b5 |
| SHA1 | 44cbc6b7b60470149850d375f2e2ae95cf1c012b |
| SHA256 | 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744 |
| SHA512 | ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 91a8d56c19e60520cf00b78a506b87f0 |
| SHA1 | a794be44a680983ac0f87b1faedf064a65016623 |
| SHA256 | b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29 |
| SHA512 | efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | ba83248e2c0e5300f2b6bcfc07f7b4ba |
| SHA1 | 2b7b9edbf705b87e2d3b767ee5e623ed39df3d67 |
| SHA256 | e46ce1666bf6f9fb5601402179d42b06892a6498ac875101d9321af2292c3cc3 |
| SHA512 | 9e8031aa93348265bf30552bbb581fedf7cca65739fdddb224495ceb0a7788d9877aac82f4fc6eb215041affa9c038a8846967a1cda9733f6dbfa87dde2aeca1 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 72e01c325a6ce1fcc89c7d560f4894d7 |
| SHA1 | ee5d42b804dba3e9c64648eae6d5f0b3be056cc7 |
| SHA256 | 846b8c5c95f9840c5003a9421ad86c2cf8e517d677ad88eea639a3850c988e99 |
| SHA512 | d4e043340334bd5b56d8a1df174b84f345651d69785aa9c0537adca09ac80d2cebe6933aa2bd60db66f172debc3f6be624934ddb915bebd9f99ba6c47c9aaf08 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.JYGLsK/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.08.10.00_all_ngbcdbf23y5deox6qfrqcyni5e.crx3
| MD5 | b22ee22c7bdc09a81df6804e2843ca2d |
| SHA1 | e8b4df8defd371e9af3e053681c7c54cabd29544 |
| SHA256 | dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4 |
| SHA512 | cfd33ea1156241d56157d5381c48be65e80290ac5bcb541c0aae0ebb3e8010bd6eba8f74c77a37a17acf9b5a1c2c0090b61b146385689344c34de4ff7c0c704f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:33
Platform
win7-20240705-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000000ef96bd5f12822acda480b120b40f5f53148726f885c9beaefafaf7bdc95c008000000000e80000000020000200000006272a289b830853fda084c9baac2c98c2dbbbc9b27518d6950eebc074d50f95f20000000baa0998100a3c1f7629bdf58ba583e11aa5b0dbc8264188916c887591a3f0be640000000a521e44833850012db934280decaf949b9e238ab754347319d72d9e07c5dd60b3f107b579043507b3183704174d65e9441ba7db1fb7bcfa4ff6cb90ea2a6bfea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000522fcf9a3348f20927632ee6efabcef1c2817e0bfab561812846005cc183a224000000000e80000000020000200000006af50ae2c1db9638fbf5ab0f0910a2f7be163f8dd6d5a3774c52d11b44724c8c90000000985afa25bc8ab40b2ccc5290e7be31af969ffe9bbe48de2b34959902ea841f24e6552dd9402b4d9ee82982e5700ddf610d06bbef2ba9740b4a3789d85b3e2e19708a56614f268cc0a62776737944aabeee816822646daff0415a66dadb9574d41bac6c04b11eb93d0867ba7f35a5d290513eb111dfd54f2daaab79efff20a0edeee73a89d9a162f69247522c558ecd8a40000000c63d834203f56f12eb2d81d3cb0a4a19bc670afc68a62565dd32650adbac3c159cec6468940f80912078637110294d875101b01fe8b473bc484768c0fde85503 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703326340afdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431424151" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2764 wrote to memory of 2404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2404 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| GB | 92.123.143.113:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 173.222.211.9:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.23:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.9:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.178.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.178.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 173.222.211.50:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 104.115.33.219:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabC81.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarC84.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | faddf4e82e52c031e2bac43d4858fad7 |
| SHA1 | ceeadeaf9066d00e3eafde5a03c5c63e107002f7 |
| SHA256 | 6727effe75780bbfec04f987105db3d55f02895768e22ffb0e01be4eeab26725 |
| SHA512 | ce87994b9a859bdd07a30efb11b476201e9dc3db3f92f3c758cebbd4d4cab7a41425efd75b3dfe065bc474706ed14f36754a53b14117c09c6f17bc10e3d991b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | a2b0e314204260e9d2d832d594140246 |
| SHA1 | 2008321d4dc02c65591a39576204d6875ecee8d2 |
| SHA256 | d8b7e978f9d9b968af88dfa63e3acd94dc0b7061b9471c342dcef86649e54c41 |
| SHA512 | c27974df42367b69c72e12fb528462b29756e5e78b15ef91dc692b5918300adb6d02a68dafa6d2f6d503da7691969ca9e7a8b7eae0a643a4d54e6a520fdfde45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| MD5 | c560e49dd961b587aae48b7d36298a95 |
| SHA1 | f90f2b37837b18c0889a487bfe81b0cdd459e082 |
| SHA256 | 177e70f36aa9d2f20f54ac9476d87b6de0981039e732e42d58d6b5e647202448 |
| SHA512 | d3ef1157131c09390b36e2301aad3f54c3cbab7594ace9a6657bc555ce733386ed207a96128b44d8f2fab95154c4862c58cfdbac85a7e31b70d74418ded8f590 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e0423320db99923f04a2516e42752cf |
| SHA1 | 00a1d655f99ebc47f0c8fbede10f8453b535c43a |
| SHA256 | b830141eeca98a210d227f95ea98cd5887978fe3fcd7737a20193af186a5ae25 |
| SHA512 | 706998c0320e95ee929a54886854fcede85ec9445f975448ec9c79278f383712fd939a9054816bc678805a73412c1f54567bdaf697046c1f25844929b498e300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 6de9943051e1e7b85622b90afedb7982 |
| SHA1 | b75b43051943bd90d93a3bf31068e8ed49dedc95 |
| SHA256 | acdff0ac5844b1a1aaa9023530b5973f7d5f6a4b58b33d4b4bbf8202c5cdd30c |
| SHA512 | 3d8b09a62ab76bf7837853eb05fb6e5e2d5f533620cd9217dfebb8736419e1af0dc8c89187a9301e016b1ddd9f6ff90b2c6d2ceea2d811f414df5c7e20144267 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dfae84a330172045e5c90dd8763420b4 |
| SHA1 | dbd058949f21838d91228be56db259ea44e9350d |
| SHA256 | 1428cc10fcfb7d3acfd67de4d9476fefe2beae628b96515d766422b3a2fc4494 |
| SHA512 | c28dd74d148f83630f21aba18787c73fb66339f93bf2c763150e55c2c7df40c5a3daf77b9654f97746c5b22f2e32791f07a1c0aaaef5be4585961b22d495dc49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3236b48ef17f6a2888549bf4718116a |
| SHA1 | 3e38f686820929a41cd762ecf06a03f3ccefc48b |
| SHA256 | 5980e00f33fab810cf551f3884c8ce519eef597114a5bed18cb7e64999927465 |
| SHA512 | d6c61f3b160738cdc5fc42460502e874d121ab39bd28e5771d34b7676b3aa58a09841254e273de133598c178d11212d42f67463b0b5af9504f812e88912a298d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 0a8af51caf4444c3745c0d88b8a97513 |
| SHA1 | 2c52688f1202c9c7120cd05e633b9d28b0104cca |
| SHA256 | 1d47f45e7d68d43bf4d1d4e590f477ccaa2e0078123db62abc7185a53b4376c3 |
| SHA512 | e110a5d0d2f6a85fcae18ff6d8561c2276fda0810b1bdffb55ba9da499c5684536ed526bd3625e3feea8a6195217a94f7cd7e6b21c704f17295199e17f8cc116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 998c51304fee11623430743495c1185a |
| SHA1 | ee6d6bbe8646635b62ce030c177bb56602aeb736 |
| SHA256 | f546841a74a880b5c7f6713aa12a7dc0edee1265fb59416389f83327234337a6 |
| SHA512 | 4c3e24fba9fa1b1c240522cc16a58d1d5ee8e2abc0a7dd5a3aa5062702c319f135abf4621080f1313b88edd2517b17cf29760da40e7b7622490e3a86270a0d69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | da79160705f9d05cae67a9058568c00e |
| SHA1 | d173eb939cfed2094e58e9bbfc20cfaf9f2a8fa1 |
| SHA256 | 6f82c4082a2b73aace563cd6a0967d892cb60ee87463df34b9a125994097ea1e |
| SHA512 | f97906319f4f4a2aff34931a255373b3ace6721875f2030affbe737e0d3dfae07814a9593e4c610c1ff62c5f07adb6a8df2797f92d4dbddb8453b378258d0d0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6420120904600b996919277932b02b81 |
| SHA1 | ee0b5eb7dd0ff95e31480f58c19e6dc4a1e88364 |
| SHA256 | f9b1a13739055a54b50a2ca874b588e42872ce1a1d85e60e5279d0e6e33a47b9 |
| SHA512 | 57ac19b737ae5119b0469eb2b8ac6149ec0c9f5c98a46416f2260df60cf8643648301d0034b909634e65b5dc7396f4bff97d2de3e50a56ce6e84addd4836945b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2aeb4cb65cdf208f2e9b1ebe7b44614 |
| SHA1 | f26b13508ebacfffa2bc487496b21f1b186d3cae |
| SHA256 | 682c72dc4a5702d95a61b466b0416032d6c9650b3cd5a03dc50f6f18d2c47222 |
| SHA512 | 4751c2b6df586fc5b20cf50f1ede6cf11ff4a9eead81ce0112e1db1795733ace432567902a3d0b995a48443a94c8dbb8364a6430611bdb60dbf70f2f5ce111e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2f5dd4d867f5311fbd9ae9951323e68 |
| SHA1 | ceaa6965dcf2c97ea25c754ea8e3c93c5b6a6a5d |
| SHA256 | b80ced390544dd08379edec68b829cbb07d94911757a130874515685b71532c0 |
| SHA512 | 7a0c0827e33b2f080d9a157f758111b4c72bbca315928d08eb296fdaef98db7611b7bbd4b19f6f285254acb3dbccd7bed71473c9a0e8817e9262a902a06b9837 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e280e6ae86f8aa9f8ea4d3c583dff77a |
| SHA1 | e776aba21a052dc60128d8915429dcedc2b8cc8a |
| SHA256 | 8cc122bb2ed6afbc1a8d4bbdc988ed1465d3f1e731910bbb7577e19cd400d822 |
| SHA512 | 9b9528c964e81f519bcf93f3185b8e2cf52708919ecfa7041a3f2a0b8fb7f5d7455ea9af760d8b7cbc150e6efb4904a6dbd8e9ae59f21684df929beeb2de0f49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecf9317d2d5122b5c91b1fbb34c697ad |
| SHA1 | 2fb88d215f459f4a52ab6146abbc4abdbdf18df8 |
| SHA256 | 11ebdc33c479f186e2385b3242dc111f111c71ea0537c9ed7ea4157c3986f1e2 |
| SHA512 | 6f24993c5c11937d7873ad6928b7c4e54abd8580f031d77ecbb56b47d865b5bb71bcb0091e4ad6c855a85f84abb861502baf20c45cab8ec2cf822e217975793d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c0acda6bf07ea46455109570b5c1a52 |
| SHA1 | 3710dbaea697d0d32ebd0b4967d99bbebf132ef1 |
| SHA256 | 3a3f0a660060b6af7a67fb2703fda8eccf4f3bf09435a32390756c56148e1d28 |
| SHA512 | 54e91168a410e3c0e0ac5c55a82fa5c85c0ccc318f3e3348d5a14efb65c5e188d3fe954467764356de10d91fd6a3096d514e92941df5df3998e021a7f8ba503e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d93f313ba0ae740727cf32a913d99cb9 |
| SHA1 | 221a5d0632d8c172996e2ef0b6032718f56183ff |
| SHA256 | 5c11427f6fdd8bbfd91f3bb8270ece7b5cacae93e37d6e3a59e14fa7d40544b6 |
| SHA512 | 675e26efa20d9acf2f989699d74b650674085d11fad65484e48e22af32376b1d4d9792e91ec28b8e846929736d4e7f3e992abd8c92d876581a6b6c5c8a999316 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2193bd3ddfc9a1c7b2d5ef5882186e7f |
| SHA1 | 6935270fc229262da19dd47bd761fd7a7176c293 |
| SHA256 | 735abdd1c1921e0991304b716dbdf6a62f18ecefcb1b45ab6b21b5647a77785b |
| SHA512 | 1f9b799bad3a307fe5f19ec513324bd3971f8af3017502ce41820d3abd5949874d36bd7f65f3132422124734a4bb4fa671c90889f7c7670412622b85dfde0b51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 600abd732c0fb4abe064ad16c041ab39 |
| SHA1 | b68f09ce6fe1cfad50dd7bba678531df10b0669c |
| SHA256 | 2349323c1f8ccddd787849800247e2eb36f0305f5db62dca71773347dc6fb98b |
| SHA512 | 5802663633b0b4b75f031319ddb14af7a47f00473ece70578f111eff0eecaf32cb54b41f48f6f3d10d28889684f1c9f79c776af625a42cd61895e777f7757449 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 5136c0da506ea611c3629be2b948ac1d |
| SHA1 | cb7d7e39ff124b8196c24c4ec74220eb22ade0dc |
| SHA256 | 8e14d92b2be793376ab22ed36cf243e33cde142d3eb05cd3acc1e7c787a021ed |
| SHA512 | 09cacf7c9f89e3f705135c1ba7ff964a28875cd2b70506d0220924bb4e301ab50af9a40aa609c1c917fb036c8cfc861ebb7cfcbeade57f44d5c0c89f0666c86e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 9ff3f0fca6c4a236f58309897da71ac3 |
| SHA1 | 1decedbefff9821fc0834a1f5c84c917ee87e668 |
| SHA256 | 2e34198c4eb2c7bc40203798f74227b107460d1fe7ff4629e7886a7262e30e02 |
| SHA512 | 659e4119f706c9c6ed36bcc55e388caa0f4a9ba968f5e5038f277666f574ab90d0bc686a18a8a97f3df98fe771f204cf5e5ff80dc244bae387205b09f00deade |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 09cb6452f2b3211c61c77f35b24efd87 |
| SHA1 | 9db59ed75db1e89c152ceedcf0726253a4baa33e |
| SHA256 | 7f922db9fb7278a41289178e42eb97065ef885353744c12ebd8e83771468c6e1 |
| SHA512 | 0d66e3dcfff089d1e9fe1c90f0200ff35d729f811c6ec7ced8f6e03583c5dca06ae5181f002a05e16175e09c0091671ab6d2c254990861f29d780414ed36c7b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | ed4a3b5c18b1d844aef5c6a1adde698d |
| SHA1 | 72140e9aa03d87d8c90e1f20db03886d98484bf2 |
| SHA256 | e7386bf691df2f47f4bc827a87299e713ff85d708fe22ad3110d5f6119e43e68 |
| SHA512 | a74bf70d7a669eee5987b764891bb394d5356b3616beaffe5eebc06a64003c550427b7c8b31bbc46be7f4501ecd12bc2c88b5d38f3d7f6d38ffb8217222cfded |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 37f3961a453ec51c2715bf15922b754f |
| SHA1 | a35f095307f3b86f3c32040264e59fc2d06dab28 |
| SHA256 | ab305a9e0cd7daf4fbb8fe7247f49cbaacf43e3cb3eea5a50081b0abe7ba4ab6 |
| SHA512 | 912b7cf0d41a74627a10bf28c024bbe452e723b3a46369c2bac221ad7867eb67a48f7e1679c85cc5cd8809b5d66a5ac34e6116efe9bb169cd6d75f7a9c747b5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | d4576f98cba18c5f042964afe0e061d6 |
| SHA1 | 6890358761a4f90e9519cbc06cd8f999d80a465d |
| SHA256 | 4446d72198a14edfba41616ace6878e1a24aea2beff2e8ed8e71c3e092efa677 |
| SHA512 | afd5518f79955ac4bba302606e4baf37291f4242414936407f11b5b00090d8f828b88f326aac7eedc34c224f74f853f7b7d259de2a75a4a096562c9c1ddb4bd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 4a2d3bf5b1d54452e4dcb35f014290aa |
| SHA1 | 41fb1a891a3c593f78ae447970613ac18c33dbd4 |
| SHA256 | 3b3d24f250571d4cc659dc8a9262f7ccdb0892cddacd6765066b62ed97bd313d |
| SHA512 | 413c1416221baae0140117ea6f4903afc2605721e22308c723e4a20391ebcfcba3b6d24a12e46fc53f935d2d93a71b532febf47cfe244e0e00cafc4c459b6a95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 73ca4d18997fd071a27e215d5c0a1782 |
| SHA1 | 9a74dc5e4b2f8f057b2be32f511f3dc49f8745f7 |
| SHA256 | 4c17182db67ceeb60c7a3e2a6a7bd385e67085d5005aef703123da4495cd6a23 |
| SHA512 | 09de6fb6216255690ac883be324a10d69392a4e36e0d4de6ed6982f89d39fd87991e7ea2c6dcf5ad7dd424d06e5e14f765d089650df127d0ce4c790c5cc9d553 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 2f36a491e191adc6d4907036b7f94c87 |
| SHA1 | ce672522d50060a4bac90d102487252fb26556d8 |
| SHA256 | 6ce14c1fd1e886d0d367abdc1e428068c3c660031454ffc45e233b87ce9772ef |
| SHA512 | 3898b9119a8ba991c53af9680380df661d8f6f990027a6a139d0a3d78ac9f775993d5a7dbc982ee4e2b5a653daf74d662ce2ebd4b9f8c040634ed668b0247200 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 53d960063761d7bd2cbd194171f87efc |
| SHA1 | 9489b5a62bb6db70baf986601b959418b11af3fd |
| SHA256 | e676f1064e44d6e4ef91c81c0198cad7b9354f4affa4046799d1bcc982b96be1 |
| SHA512 | 6a2e783d2990c9fde91e0e68bfb70344ba33c330cc1acd9c5b1b9abb1052a350cd344f28ef9c22c86783ab9fd2a3b0322104e69917029d492b5c9fe1bf68e4bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 85279382451f09cae88197153581e4bf |
| SHA1 | c5ae3709d3a0613aa755785cb33319709ee70255 |
| SHA256 | 59d75789de2b08bd1a98c0bb37255b526117857f2e1c5490a121911ba113e5cc |
| SHA512 | 37e582a0fd0fd64f2bd0ae4798d74f8a52d3829a5119658215cc06db29f95848d229aebbec6d90c501c454fc77903862910a8878be3fca3dcddb80cc16288858 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
| MD5 | 0d5c6199f5e1717f62545b202071f35d |
| SHA1 | 3c0e9e730013f3dd6a31250b3874992076441c46 |
| SHA256 | e7b93fe54c2d862f83e25a646ef2b60fb1f33e889683176d809ba16b6749dfa6 |
| SHA512 | be4f0e3acff454b717d856f213ea6caa1ffadf43480aa1558fed9eeccb6d711a219f71ba07399ffffddca007b2a00a20bd31d152c68c25e292031fe7f3f294ef |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml
| MD5 | f73fc9b2fbb83a83fa925e610af17483 |
| SHA1 | 939e7e216e84e2bfa53d8306ab7e26d4d1c2ddb6 |
| SHA256 | 30dbe85668ee28d2acfc0fffd5d77b1685bbc5a0d3e26a52d87486662fe136c5 |
| SHA512 | 46958390f4210d280a6ce34846a9dda1f49eb75f7fc969072e38702c60ac4c6b295eb09e9513fa0c991102cf69dc7235c4db5a1c4b91173df6912e8e485d6ac6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml
| MD5 | e391874d82358418f00561ca49e5bbea |
| SHA1 | b31eb9a25f89e536ae57225433b5034b39e151e5 |
| SHA256 | d76d83e878b303f985ba7d6a126f89a72160085a57abd0c9982e9336cb8b6f8d |
| SHA512 | 28389a69d2736206c289414bc62fe58393449d1e25fb2526a7cddd18cd1ef100acf719df1869b14e843c954e5b9173837a8e3666e37d151195467218cdafde77 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml
| MD5 | fa65b0fc290a930cef6a8d0f7f83a950 |
| SHA1 | 1de4bed07534566928649e6280d89ce010b33296 |
| SHA256 | 371869a0893244213aae0d0dfd8eea37810207ee074f574cda249d33682158b4 |
| SHA512 | 1e5e4bc8fb21302b2f1e0647a208ff0d51a12fcb26e8742a84e354775e467d39dfd00a209b5c5f8a7b657173f901f022a0ef1c93f52f5eb1de925c9a1e086bd7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\js[1].js
| MD5 | d7823b10ff18cebf05169bf2158fd37a |
| SHA1 | 7e68876f0ace6aa04eb7614f121e1930e4239d73 |
| SHA256 | 719e5929e1a4b74b5cc2489fa64399302cec8dbc3620e38cacbe5f571487f452 |
| SHA512 | 77eec59d9c341012e90ae219d43e3582a2a304df492d83a49cd509c28b1eea636fff1ebe50c2407b24f5dd12ddb97ec611fa25a859a8e040937f345d800dc56a |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml
| MD5 | 8bcd458ffd15b1fc5d314cd0ada1c716 |
| SHA1 | d079d87d0d2c6f1c639cea84e43583179bb63834 |
| SHA256 | a5066ee153357ca0510572a95d790f02a48a7a8c05ab75aec6a9e7629a1e66b6 |
| SHA512 | ddd3754751653ac265916c07d12fe5d76a0b28318811950125a57d0fa5f395f042cad66278cd620787a93ae36427f5dc9f184bee7bcd07971345e52407c98451 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat
| MD5 | 2e6703461a4a81bb0c8964f1656a6354 |
| SHA1 | ed795cf09e4c43a4c1f8c82872859957757df02f |
| SHA256 | 6d9a5608be36f6e1d127704216fd0513384c0949a731debd783f0b4e063dbfb2 |
| SHA512 | 488262c0819a93978eb05aa95b926d9a8018d0fb364fdf9da09668185ea48a9b3c286b209b6adcf9bfc1ddccd2727bf54a14925d4f2282ec9eca2477ea7bc5a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7299b336519d95da7ebc932b591a1258 |
| SHA1 | edbd12fd59b3ecbb73f0fb165f9313ccd6792617 |
| SHA256 | 151b37b03253707b0971250858f5f9e077c82aae710e9c7600fc44c876768149 |
| SHA512 | cd2b5449e8310c60a5cded86e8ffa65d31cc360a64b51ada1404640db6cf9d97698f002426fe176aae2dc742ce99b218fb0a048766b75d32588b0b94017cf5e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0580a21315d62bf8d0fff7282524624d |
| SHA1 | cfdb483aa87d3fe397ff7e3cdd4e8756df7fe7cf |
| SHA256 | f2b497cef29c346247184412ff9b4dd1a6edb78328e8308715876f31b5d67c3d |
| SHA512 | e2249feb23cc8aacbef7c8f509a30b45048e6f56cf1d9f2f27e14d8c95ab5f7a0bdd284c73525798e5327c4c6bacab297b9bb2ab65b5248208d9c0e51ced8d26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c4de1fe46ac962e6c8779531d4561a8e |
| SHA1 | 4e4c4f9bb84d99cd73affea66cf90d247bb956c0 |
| SHA256 | 8b421878a3e732dc66eb00867da63b2ca317d8615548331d146f9a0e3dd7752b |
| SHA512 | d1cf060b12385cb78d2f9cf39969af648a06b2e68478439df4716775aad657adb843b74ae26a79e1d069c762d1ae8ff11f30c3754ba805740167a8214c18d27d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 988e4d07f6c1e70abf50ee807509f419 |
| SHA1 | d41e321337aad66048503abbde913caf66d14f91 |
| SHA256 | 9f96a907a2ad1ce181977f19831e6b2f5cc02698f920414462d0378dc98c38ca |
| SHA512 | cc538b5ef535b71bc623c5db5f444c97c4c865124a7a275badce466a1a95b0578bff87b2d92855ec544da658595a864c7419aa259037081589fac06639c3129f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 257bffac99eb14470e53274f9b4d65ca |
| SHA1 | 4ea1ed3feaf1936be08579c6857a1b80d3f4016f |
| SHA256 | 169085625925eaee319ceee0e1ef4c291daed556e324a43fb0868402cd7dbc63 |
| SHA512 | cb0d300b6d22d46078ed36e271c4f5e00043ea56458c3097da58fc644e7ad199a3ae8d1dbca25198c20d40265bff759a7f0e2b47490bd4eced4d2913867b8db9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98016a964f3db8547ee125d53b1e4ce5 |
| SHA1 | 46d353f39f8d3e6ed55f73800a90d8faacbec5af |
| SHA256 | ebbbff87a25c17d22bbdbe0679fd62e6e51e797dca5513cdba7af4c9e5351d64 |
| SHA512 | 1ceddf1de015e857faa54fea12b7c2f96e2120550bf61afcedeea47ce300a8f15c08054910232f2ef7960ae2e0764a0c8efdeb91519f34633e1bad78af4de6f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 090d119e75851cccdde93f2ceb0292d9 |
| SHA1 | f77b3d3c0348d3a6c3c6250f8204ef47a21995d2 |
| SHA256 | f11762a883a3f5f6839798f6b8f616bda61faa754f99f00c4cc3312144ce6ec1 |
| SHA512 | 2757b5b008e5d38c86378c5c70d8b6dd9f37e541c280013f3b9c15105ed38fa3a0ce2d1968f64d1cfc6162edf9e153405e975b99e168ca4544f739f8ddc94bde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 428e99b76e4f68c84ec879b443aacf45 |
| SHA1 | 62c88e7681adb10424c412194aca68ae63d0953c |
| SHA256 | 32b17a88625adb703f824abf3789c7e4887024605245abcf539830e091ca125a |
| SHA512 | 783b227f7f77af1e6efc0c403793409200399e2ad0bb73bd1b1df87f28182a6be9819e5c04d4d9b4e24314541dd4a7e0904de20802f843246fd8974cbf1b2077 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 032a5b5b12ca4a9793cb8230828c3469 |
| SHA1 | fb3af4748f118b0556738fc000933c4da9dea0e0 |
| SHA256 | f00c89460df407874c6f17afbeb782fa238abac1bf16722678a928e524963530 |
| SHA512 | b197e57f9065106e39e56657fd7799115b04701fe24de4441259f8239ee78c8ab74e35a4d5c9a1e9c922b5e6de7568ac57b8f270334362bfaace63acabc4e9a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 793238846ea45d7c28deb8c4039715c0 |
| SHA1 | d444f470152d752ba491d4ee4c75045c81535945 |
| SHA256 | f87c7b17bbebea81135f576edbf3bd3106c8ac2434a255f390c85b25126eef44 |
| SHA512 | 5547fbde33fa3c3e86baba670dbdf5550043acf846c50a27327e9aa2d6a3d03efe9be91d987ea9407a19552afc945caafc766440cac5831e33d2bf85bb4c629a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eba78a6d3877302d6242687a6281d60a |
| SHA1 | 1baed9f9a72c2381a19bfc0d0324e79272896b06 |
| SHA256 | 5ebbcb5cf209db691dfac625e3f09b9b5ca2d706b8b5019255cc4adcd71d316f |
| SHA512 | 57bb74ffd6b1f81da9057089ec7c7e5a0e09233c717b74a24b108c88f6db30b23857bdce95a569ff422dfce05b5b729dc264359cc3a35f7c3a53d63c83557e50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 724179b163055b95a314f9f24f88c152 |
| SHA1 | 24c1d225920501584359d4ea318efe10d829ef28 |
| SHA256 | f75d4c4e2d4f08cfbf96bb2d2bf0d046664f348566a4ce115fc93ff486add655 |
| SHA512 | 3bf06789577a2e9bd400cb95be02197a0938b39140b5bd4142386d3dffdf4eb786b52862bdf8c0e74353a21563731e975062524448d44ca073d50e48c45a2d7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e29b6aeb64553573c7ffc1399e261cb |
| SHA1 | 076da098720c7dad3b8215aa7b54ae63739a030c |
| SHA256 | 3785729d045f3ca7bdadb6c52bb2e70cf6358b21acb440e54e3ede281c76a884 |
| SHA512 | 3d0fb6a8716f7046beb705a5d9a4f8956e7d6255659eeeca539f245234d4f1a81436d0a57ca8b480e352df46f27042e600732e36a614f196bedfec1335039dbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd07af46faf514c0f2aaf4a53602ffd2 |
| SHA1 | 9df5666652be6206b3234a9122e753428db57e4c |
| SHA256 | 606c2f35f99bab9d85755f5943a089b0e6f5aed6d20b32b0ebdc55bdd52a8b5f |
| SHA512 | c43f57af2db73a5eec235aac34543378d6a275bb77564f757120d793dd0b062ad5c03d037cbc26d90b5a5a8b0cb1d14f83b47a972484199464461d39d39183a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5eb6b04e47d1d7065978a1719eac89ad |
| SHA1 | 9153b09675cfe4e0eb51ba3130784dbbf083749c |
| SHA256 | 8e2a01efb938b4482ad1731e2c05916709f4b5a2aa3de07e9e16b3aad3f4f6c0 |
| SHA512 | 18e79e43a2d41ce0b245f972c5d55f4a7023bb6f9a3e074b1e4deb5ed5b19c32d9050e708890d8846cbc6462acc2a1fc701f846c7f6d8be8b6b906dc601e83bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8372b488035328c822fa46b5d5538d61 |
| SHA1 | 05b0176a08bc81dc08fbc2654b728f4ea08e4cdf |
| SHA256 | 3ae6d5e19b5d511532221620bdc40cc62078f7e2496d911767c1d4f47982cf9f |
| SHA512 | 16ca1b68a03b4cf20a03d6d9c4fb3850c5ce7b18ed6d5f6514dfeb6e2322d184f21e236cdd7a84033ea35612a2d26df4fc83a88ffa7ab7b517a13d09c3801051 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b12f0dacfe7f0273a645c266a739d82f |
| SHA1 | b3744645cbfc42f88a34b82f59344bd5fc630c11 |
| SHA256 | feaef856d2a6429eb4b03bdcc813e7273fe44d6b6a9979b7a382836852d9fe26 |
| SHA512 | 032a64b6925b83d5750676e787ac967e3c7fe016f6016bd48b6893305f52f5ded977397bf84140fb28bcfc23813a5e51a53dd1d3dd96ee487bee59d0cb96d451 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7110c1b131711048355d2a6526f75e5 |
| SHA1 | 6cc2b096b6bb60db9df25715c84b473a95d92fe0 |
| SHA256 | da5512ce9a0ea310f55ef1afbaadd14e98c318d8ae0a689b273ff2819e1e46e7 |
| SHA512 | 3036cb86eb0a5f2eacf2b7ca90818c672e651501fad77dc562ec127829b64c0c4801536de8012921112bc67caa0317a61d8fcc17341d83ee5d4b02aedff6d0ff |
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:34
Platform
android-x64-20240624-en
Max time kernel
129s
Max time network
156s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.3:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 88.221.135.209:443 | static.rbxcdn.com | tcp |
| GB | 88.221.135.209:443 | static.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.96:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 92.123.143.232:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.180.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | aws-eu-central-1a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 1.1.1.1:53 | aws-us-east-1a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | aws-us-west-1a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 1.1.1.1:53 | pulsar.roblox.com | udp |
| DE | 54.93.128.66:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 1.1.1.1:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 1.1.1.1:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 3.209.222.227:443 | aws-us-east-1a-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 54.241.62.188:443 | aws-us-west-1a-lms.rbx.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.200.10:443 | tcp |
Files
files/dom-0.html
| MD5 | f1953949bd626df2e46a3ecc6499b582 |
| SHA1 | 116cb54c6430fa89194181572968819f4de02271 |
| SHA256 | fb0e0b65d96b4d3f54fe40f32123685ddb46c8e92b93b0c4ea793c7f81ca2b52 |
| SHA512 | b805a0ed994382b5453a19011295541bc2c4f377ae726f6faf1f0f3a10fa9e608f47527870859db2e2ac309d0e1b3bd5b4f2af6aa99dc0a042cca6bf9ff7f784 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:34
Platform
android-33-x64-arm64-20240624-en
Max time kernel
141s
Max time network
153s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | gmscompliance-pa.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.9:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| GB | 2.23.210.80:443 | tcp | |
| GB | 2.23.210.80:443 | tcp | |
| GB | 2.23.210.80:443 | tcp | |
| GB | 2.23.210.80:443 | tcp | |
| GB | 2.23.210.80:443 | tcp | |
| GB | 108.138.217.62:443 | static.rbxcdn.com | tcp |
| GB | 108.138.217.62:443 | tcp | |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | tcp | |
| US | 205.234.175.102:443 | tcp | |
| US | 205.234.175.102:443 | tcp | |
| US | 205.234.175.102:443 | tcp | |
| US | 205.234.175.102:443 | tcp | |
| GB | 18.244.155.10:443 | udp | |
| GB | 2.23.210.80:443 | css.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 92.123.143.232:443 | tr.rbxcdn.com | tcp |
| GB | 216.137.44.8:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 216.137.44.8:443 | tcp | |
| GB | 216.137.44.8:443 | tcp | |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.2:443 | tcp | |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| GB | 18.175.6.237:443 | aws-eu-west-2c-lms.rbx.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.121.3:443 | tcp | |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| HK | 16.162.200.89:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| US | 128.116.63.3:443 | tcp | |
| JP | 128.116.120.3:443 | tcp | |
| US | 128.116.121.3:443 | tcp | |
| SG | 128.116.50.3:443 | tcp | |
| US | 128.116.99.3:443 | tcp | |
| HK | 16.162.200.89:443 | tcp | |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| GB | 142.250.187.193:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | udp | |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 216.58.204.67:443 | tcp | |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 172.217.16.234:443 | remoteprovisioning.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 216.58.213.3:443 | udp | |
| GB | 216.58.212.228:443 | udp | |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.58.212.228:443 | udp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
Files
files/dom-0.html
| MD5 | 188ab80df6adf832c381f5e584fe2da9 |
| SHA1 | e81898c6e39f950ce217577b8a228ecd75108104 |
| SHA256 | 587c898b2c1d43fc974c2b67ee7dcefb6524f75dd097257c5035ba5e147a25ec |
| SHA512 | 9f0c69e871bb706bcc55fea54fbdff9cc7c0acd1c0bd3dc56b706ee8ad7c72282b2a3e66975f2493e859c074ef7bc792f94a33ec0ece70585a58c6c587cb154e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:33
Platform
win10-20240404-en
Max time kernel
149s
Max time network
142s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "56" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 = 0400000001000000100000002fac04553147f46a49df9b4ebea6df43030000000100000014000000696db3af0dffc17e65c6a20d925c5a7bd24dec7e0f00000001000000200000002aae3fb7bf05e4c81c4194dca44511d4f9af304786ec1ae7218409cf62a083551900000001000000100000004917c0071bcbe9c7046c52368f011df95c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b920000000010000000a05000030820506308202eea0030201020211008a7d3e13d62f30ef2386bd29076b34f8300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3234303331333030303030305a170d3237303331323233353935395a3033310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310c300a0603550403130352313130820122300d06092a864886f70d01010105000382010f003082010a0282010100ba87bc5c1b0039cbca0acdd46710f9013ca54ea561cb26ca52fb1501b7b928f5281eed27b324183967090c08ece03ab03b770ebdf3e53954410c4eae41d69974de51dbef7bff58bda8b713f6de31d5f272c9726a0b8374959c4600641499f3b1d922d9cda892aa1c267a3ffeef58057b089581db710f8efbe33109bb09be504d5f8f91763d5a9d9e83f2e9c466b3e106664348188065a037189a9b843297b1b2bdc4f815009d2788fbe26317966c9b27674bc4db285e69c279f0495ce02450e1c4bca105ac7b406d00b4c2413fa758b82fc55c9ba5bb099ef1feebb08539fda80aef45c478eb652ac2cf5f3cdee35c4d1bf70b272baa0b4277534f796a1d87d90203010001a381f83081f5300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30130603551d20040c300a3008060667810c01020130270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f300d06092a864886f70d01010b050003820201004ee2895d0a031c9038d0f51ff9715cf8c38fb237887a6fb0251fedbeb7d886068ee90984cd72bf81f3fccacf5348edbdf66942d4a5113e35c813b2921d055fea2ed4d8f849c3adf599969cef26d8e1b4240b48204dfcd354b4a9c621c8e1361bff77642917b9f04bef5deacd79d0bf90bfbe23b290da4aa9483174a9440be1e2f62d8371a4757bd294c10519461cb98ff3c47448252a0de5f5db43e2db939bb919b41f2fdf6a0e8f31d3630fbb29dcdd662c3fb01b6751f8413ce44db9acb8a49c6663f5ab85231dcc53b6ab71aedcc50171da36ee0a182a32fd09317c8ff673e79c9cb54a156a77825acfda8d45fe1f2a6405303e73c2c60cb9d63b634aab4603fe99c04640276063df503a0747d8154a9fea471f995a08620cb66c33084dd738ed482d2e0568ae805def4cdcd820415f68f1bb5acde30eb00c31879b43de4943e1c8043fd13c1b87453069a8a9720e79121c31d83e2357dda74fa0f01c81d1771f6fd6d2b9a8b3031681394b9f55aed26ae4b3bfeaa5d59f4ba3c9d63b72f34af654ab0cfc38f76080df6e35ca75a154e42fbc6e17c91aa537b5a29abaecf4c075464f77a8e8595691662d6ede2981d6a697055e6445be2cceea644244b0c34fadf0b4dc03ca999b098295820d638a66f91972f8d5b98910e289980935f9a21cbe92732374e99d1fd73b4a9a845810c2f3a7e235ec7e3b45ce3046526bc0c0 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "SR en-US Locale Handler" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "German Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "16000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = be30e6260afdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\AudioInput\\TokenEnums\\MMAudioIn\\" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "432100642" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "40A;C0A" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Discrete;Continuous" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 61d5b81d0afdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 ^ 0008 1 0009 2 000a ~ 000b : 000c a 000d aw 000e ax 000f ay 0010 b 0011 d 0012 ch 0013 eh 0014 eu 0015 ey 0016 f 0017 g 0018 h 0019 ih 001a iy 001b jh 001c k 001d l 001e m 001f n 0020 ng 0021 oe 0022 oh 0023 ow 0024 oy 0025 p 0026 pf 0027 r 0028 s 0029 sh 002a t 002b ts 002c ue 002d uh 002e uw 002f uy 0030 v 0031 x 0032 y 0033 z 0034 zh 0035" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Near" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HW" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Universal Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{F025BB83-F493-421D-B9E4-CD1FADFF94A5} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\MrtCache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 173.222.211.43:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.33.115.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.83.239.18.in-addr.arpa | udp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| NL | 18.239.50.67:443 | roblox-api.arkoselabs.com | tcp |
| NL | 18.239.50.67:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | 18.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.41.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 40.200.250.142.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.57:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 52.33.128.7:443 | aws-us-west-2b-lms.rbx.com | tcp |
| US | 52.33.128.7:443 | aws-us-west-2b-lms.rbx.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| GB | 35.178.34.242:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| GB | 35.178.34.242:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 8.8.8.8:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | sin4-128-116-50-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| NL | 108.156.60.91:443 | c0aws.rbxcdn.com | tcp |
| NL | 108.156.60.91:443 | c0aws.rbxcdn.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| NL | 18.239.62.218:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| SG | 128.116.50.3:443 | sin4-128-116-50-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.34.178.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.128.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.62.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.50.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.142.34:443 | www.bing.com | tcp |
| GB | 92.123.142.34:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 219.33.115.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |
Files
memory/3032-16-0x00000289A2C20000-0x00000289A2C30000-memory.dmp
memory/3032-0-0x00000289A2B20000-0x00000289A2B30000-memory.dmp
memory/3032-35-0x00000289A00B0000-0x00000289A00B2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\60LGMEF2\api[1].js
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
memory/3408-345-0x000001A166B00000-0x000001A166C00000-memory.dmp
memory/3408-392-0x000001A167B00000-0x000001A167B02000-memory.dmp
memory/3408-390-0x000001A1679E0000-0x000001A1679E2000-memory.dmp
memory/3408-396-0x000001A167B40000-0x000001A167B42000-memory.dmp
memory/3408-402-0x000001A167E20000-0x000001A167E22000-memory.dmp
memory/3408-400-0x000001A167E00000-0x000001A167E02000-memory.dmp
memory/3408-404-0x000001A167EE0000-0x000001A167EE2000-memory.dmp
memory/3408-394-0x000001A167B20000-0x000001A167B22000-memory.dmp
memory/3408-398-0x000001A167DE0000-0x000001A167DE2000-memory.dmp
memory/3408-415-0x000001A1661C0000-0x000001A1661E0000-memory.dmp
memory/3408-414-0x000001A166540000-0x000001A166560000-memory.dmp
memory/3408-430-0x000001A166D30000-0x000001A166D32000-memory.dmp
memory/3408-485-0x000001A168520000-0x000001A168540000-memory.dmp
memory/3408-493-0x000001A1697E0000-0x000001A169800000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml
| MD5 | b25e163f08558852f779d70a9f336ac0 |
| SHA1 | 4c053bec4869e1237eac9d4e1c27f6d78bbcc473 |
| SHA256 | a3b64b2cff3a6b0084d2d617d3b9d90937a96a4f0c9b7ce49315d7c3a94ec893 |
| SHA512 | d5e6192cb02afbd99343fa88d94e2969145f8043f112cefd20355fd5eaa2f850c9ffca4c19ac1c4ed4bf8735b8403c1b6dbe6dd401433a026901de94618c3a20 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml
| MD5 | 6a2bc5335dd197fb4ec44d29f345a326 |
| SHA1 | 82db5eda6c4410747f61f41554299f7e0a852937 |
| SHA256 | f9217b797b51d38cbaf4771b2faf223535341232ea40db3b634cb45e37ed2d66 |
| SHA512 | 8f198d84277edc0d18938eeb16c3ff7e811bdaedea63ad425899dd4388ee8b8d71f175a2a4762ac89d74667ad7b36502a520face4c63ae4436ffb6a8d05b51e4 |
memory/3408-616-0x000001A16A140000-0x000001A16A142000-memory.dmp
memory/3408-612-0x000001A16A130000-0x000001A16A132000-memory.dmp
memory/3408-609-0x000001A16A110000-0x000001A16A112000-memory.dmp
memory/3408-606-0x000001A16A0F0000-0x000001A16A0F2000-memory.dmp
memory/3408-602-0x000001A169720000-0x000001A169722000-memory.dmp
memory/3408-739-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-738-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-737-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-755-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-747-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-746-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-745-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-744-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-743-0x000001A163E60000-0x000001A163E70000-memory.dmp
memory/3408-742-0x000001A163E60000-0x000001A163E70000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml
| MD5 | c2e92b0008858d2e83a2992e40988ccb |
| SHA1 | 6e8c4dae15f7868325c3a97f0612e7ecbe1a982d |
| SHA256 | cbc998769722febdb9bf0c16bb88bc03abc7297daf274203f9697978d328a728 |
| SHA512 | 765ce37c60409d8e6718cf488ae1bf2cf56b0af80e4b1faefc0fbd462420038ffd81affb049dd935ff9edd376715988bd4290760cc50a8120e5a5b3dad479d16 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P6D064LF\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5TH9W7YA\funcaptcha_api[1].js
| MD5 | 759ab24cf5846f06c5cdb324ee4887ea |
| SHA1 | 41969c5b737bc40bbb54817da755e3aa7d02f3c6 |
| SHA256 | 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471 |
| SHA512 | 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml
| MD5 | c59261739329a4c270c863c0f0ec0385 |
| SHA1 | f9db3233b4f5ada32aaf34c5ee5221d42a37c1f4 |
| SHA256 | f09db9e9e512fc5e7e71ec2ba3e282d7e49218bd0f40d23092b29f62e7932ca6 |
| SHA512 | bfba3efc9e11a71d6193c047c3e49048bfd72c61b86df3403313eb74b609d4d9d0077dcc47c776130a47ed67039a8a428c0667b5d74434a57b14eb38bbc3c932 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UNHHO5HP\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:33
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
144s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c31d46f8,0x7ff8c31d4708,0x7ff8c31d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.i.lencr.org | udp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.143.123.92.in-addr.arpa | udp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| NL | 18.239.18.35:443 | static.rbxcdn.com | tcp |
| NL | 18.239.50.82:443 | roblox-api.arkoselabs.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 33.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 173.222.211.27:443 | tr.rbxcdn.com | tcp |
| NL | 18.239.94.14:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.14:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.14:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| GB | 172.217.169.2:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | aws-eu-west-2a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0cfly.rbxcdn.com | udp |
| US | 8.8.8.8:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-ap-east-1c-lms.rbx.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-us-west-2b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| GB | 3.9.224.67:443 | aws-eu-west-2a-lms.rbx.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| HK | 43.199.50.252:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| US | 52.33.128.7:443 | aws-us-west-2b-lms.rbx.com | tcp |
| NL | 108.156.60.42:443 | c0aws.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | c0cfly.rbxcdn.com | tcp |
| HK | 43.199.50.252:443 | aws-ap-east-1c-lms.rbx.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.224.9.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.99.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.128.33.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.50.199.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 38f59a47b777f2fc52088e96ffb2baaf |
| SHA1 | 267224482588b41a96d813f6d9e9d924867062db |
| SHA256 | 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b |
| SHA512 | 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b |
\??\pipe\LOCAL\crashpad_1000_GJIXUGOHOUARUTLT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ab8ce148cb7d44f709fb1c460d03e1b0 |
| SHA1 | 44d15744015155f3e74580c93317e12d2cc0f859 |
| SHA256 | 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff |
| SHA512 | f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 637ecebb208964f1bf3355df550e2e7c |
| SHA1 | 3dc8381a50bdc31d186600d0b97a54293afeb662 |
| SHA256 | 00ec1beb1a2ce91c82207bc1d8d5db92c555c62029f9e44f7c3b833b5d1873d4 |
| SHA512 | feeb540f2e5d4fee285a08be70a7134be5cfdc5695809eab6d66945dcd4e72672d47bb2df703868ccb4b16204ac17c96df7010c6c1d6ac1e01f6e73bedc8044d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | edc5d67904b55271580c2031069403d5 |
| SHA1 | 109b78882f4f293deac82abdb75b916470a8fb88 |
| SHA256 | 9d61f10959edea8a804ef49de722c6915a323d162f4627ab93c0e31c3ddd9533 |
| SHA512 | 87a64127a8d2290fe48e2cca6b0ce3ce7e932e019f4948a86cfec290ef414dbe7daf865400d28fa7df17280be1ff4383270e4274aac84bb6d074fd6a32f3bed3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9e42d62b-6038-476f-9256-0e012ebee30d.tmp
| MD5 | 43bd166cdc13d306ff9c99841495baac |
| SHA1 | d67c76dd50ad1e6b78ea81e8c484e3d0cb4567a9 |
| SHA256 | fa890068f5361129ee23210a6451d5dd93adb31f70562c2bf956f7d7c647a6d5 |
| SHA512 | 67ca6fae38e134c2b8249840a813209d1b77896b6b2a9a337b8001b4162aeb17db5ec6491137e0f714e3c11b1b2b947127583907e33e6e60586c2e45a1952b4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84462ce0534e17c7baab0daf27d27a07 |
| SHA1 | 4a4fff6e4410459fbb5e11547fde51612489eaa0 |
| SHA256 | 8a82cdda19fd15ca99550b64194e16a552396e3008338f3d5f1737b5e86f0ca5 |
| SHA512 | a8823ff3e8ee825bc395c482039311617603c5fe6c62173bcbfd3967b5c374e7face3ed0fcc2eab756196c4d244febb638e6670bd93af5b6d47ff37cb773ba15 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1f4.TMP
| MD5 | 8f9614659915640ccfba8ea02d852d39 |
| SHA1 | 53c7e35801f5fb07146ba353024ce9b1967974bb |
| SHA256 | ce82092fafcce915ff07e1f86a54304ecdc328f058931fc357f50e0545d3ae80 |
| SHA512 | eaccd29100c051c826f2831b1fed5b220b63b97e65a220679becb7c5dbf8dec608b725d4c9cc7d0a974af21e2e5728ca0943c4db68575ed2f7232298851c2c8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ef0afacf3542116e7a803209064a32ad |
| SHA1 | 3a4efe6bb1b33f9a9148a5ed9358a88e88bb0516 |
| SHA256 | 4a862141f571179caac1cf3fa1d2666c9823ba27384c1137f3bf29d44e72fda9 |
| SHA512 | 37cdec0470ff8103cc83204ab4b22f6f1dadb761528c5146aea797f4267bd9d6fdaccb1588973dce39e4343196fd36a9719f5f3a074a10fd96c76eb9ed8526a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 18daf572ad4ca0a56f90fa4f0cd3e22a |
| SHA1 | c018fc304bcd474bf2aed3ddc03bd1eb36d1d37f |
| SHA256 | 1923fbf5cdbc69264e7b1a4c2d4cc7fda2c3134b8ba1b10e7139f50582ee2e5d |
| SHA512 | 4d0f9a75fde18b37ae52a74a886a733ae477d89a6173795545042eebb664cbae085c7129d1acb69d10beaa9b6f19fac3628a3a529dc6cfa2020b942f32fb1909 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8c8d02a15bbff6c7b12ecbf590ecaa4 |
| SHA1 | 10de4bcdf48c8db0a706a793afb7cfd8887e0065 |
| SHA256 | aa9425a6fe26abef9cc8a8ed86962dc38a4c6f87e2be4d824c50b8df3067223b |
| SHA512 | e564a9271d2f2cddead0e7b798ab1a103a0cbd88a7c24821b734c662dfb460b21027831bf1d3ff48c00b52d9623c6c04b66c0117c0479bfb4d18bb960c3cce65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c6c89988818665330e98c73937e892c9 |
| SHA1 | ab4be66122260679430365429c8505155ed8ad04 |
| SHA256 | a221b4f8d58dd409c0c332144074ed6b7cfa21d0adb0a70136a55673c1ed9c0b |
| SHA512 | 7a5fd5c3c211783fe97cf1a2d45555c87c7fe6510a565677464fc040b277ed68c85d8ae58eddb9a915c09d39415c0d02305df6e676ea28d89b8a45fe94337483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a83dee8a-b418-417d-a647-59dbc5b25f01.tmp
| MD5 | d882c9ed8c645a92fad2d1ccc0e0b22e |
| SHA1 | 676c82ae6d3b40da6b1cbd9c382e614a7d9c86f0 |
| SHA256 | 20f9c3223eb90bcd4df3d5bdd0569d7a9dab4098859a4f7417576fadbfd781a7 |
| SHA512 | 00cce9d354663bec6d455f987743580a49570839e1bf22e68b8bf58e7d82b8062221433cf94e522cd0943c55b193c0e7b397ade4fa9cb358d608ded3660ce424 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:33
Platform
win11-20240802-en
Max time kernel
145s
Max time network
143s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff93c7a3cb8,0x7ff93c7a3cc8,0x7ff93c7a3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5096 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 92.123.143.123:80 | r11.i.lencr.org | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| GB | 173.222.211.33:443 | js.rbxcdn.com | tcp |
| NL | 18.239.50.67:443 | roblox-api.arkoselabs.com | tcp |
| NL | 18.239.18.72:443 | static.rbxcdn.com | tcp |
| NL | 18.239.18.72:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 123.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.18.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 216.137.44.24:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.24:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.24:443 | images.rbxcdn.com | tcp |
| GB | 216.137.44.24:443 | images.rbxcdn.com | tcp |
| GB | 173.222.211.32:443 | tr.rbxcdn.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.34:443 | ep1.adtrafficquality.google | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| US | 151.101.129.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| GB | 173.222.211.41:443 | c0ak.rbxcdn.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| JP | 52.192.85.158:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| JP | 52.192.85.158:443 | aws-ap-northeast-1d-lms.rbx.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 158.85.192.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0177afa818e013394b36a04cb111278 |
| SHA1 | dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5 |
| SHA256 | ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d |
| SHA512 | d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db |
\??\pipe\LOCAL\crashpad_4908_TXSMVLAHVNKRFQDG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9af507866fb23dace6259791c377531f |
| SHA1 | 5a5914fc48341ac112bfcd71b946fc0b2619f933 |
| SHA256 | 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f |
| SHA512 | c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 56cd8becfc0154ac96d5fffd1cd855d9 |
| SHA1 | ca51c5d6125213f17f9d30e2cd305e602e171ad2 |
| SHA256 | 4ed476ce66d72736705b96bb375a11e55edaadd592d38e9c133b293f564bc7d7 |
| SHA512 | 92fdc05f970966efce9e63f15968fc33c9d17ae8bac99497f41d47d0a1d6129e0f228222853aeae08956988291ad1597d76690102907545feb01f254bcece64f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 9bb73783eafd01effd730392174ed060 |
| SHA1 | 27e7708d142740df901bd45ee9bc17ce0a47245a |
| SHA256 | 2466230540a07edfc3ca35ec4412feb382e0d459e790d4df62c5f7171d9d5bfd |
| SHA512 | 921abaf25c8acdb7a1cc21229b0f9fc4d5322fb2bddcef1c0642da6511060be194ff05db0806b3e2226e4e4227c6bf2306d9bd14bd4d326f410e4069a4af6cd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d0d4188094657cf9fbbb01dde871739c |
| SHA1 | c70fa58daecd92e726a69f1bc70f6925a8683075 |
| SHA256 | 7508b5f114dd7c7a6d340159c3c9b9b16e3cf0d4d64fba7922ee776573ba832a |
| SHA512 | 497f77bfd5589c3ab926adf7bbefebe778198981ea7600bf56176b238be34936f0d5e5b163f3f0f8f19d4f207deb62b37f89e2977c95bd05e7c60b68de786676 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 021344275358246ee8bca2ced04516d5 |
| SHA1 | cb7293877378ce75dd526605a44f273dcd3d0218 |
| SHA256 | 8a0beaa2edf2f149245bed672eb5e48f1a43a90e0ca95c2338e13aa6d668b9b6 |
| SHA512 | d38f08ba6319001c574ff78fbe766e95c9c90c189102bd99784a5845756d8a858c1b5efcadd454b36d5f6da908fcedb9b21c07e2ee163b52b7a187443c1cd1d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa9963232c29175d148cc6694869f07b |
| SHA1 | e770504e67a78779bf08adac66de83a245d4607b |
| SHA256 | 26efc6af7ba2a9bf7483e479e7428ec6cde0df677598737668a1f28dfef798ee |
| SHA512 | eef4d0a8f323d6e6bb0a233c8f2f2b570facec7a0b4c78381545d75a1b28c44b2cf92517a9453d180f3b82120ff97adff5823c97742718e3bb90368418e24277 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b102f3962b2edd89bc6aecac7c0f9fd0 |
| SHA1 | f1146e506c5b0a04930ccba25afdc1bcf0113121 |
| SHA256 | 1f05a137ac9317248e2baefb1db8690f4259d849110b03f1eaedc2c7cf67fd39 |
| SHA512 | 106abcaadcabb10367ea16aba5073c39402dc3c4ed62f05dcf9f66207b21ebcd1435ce42769beb9ba17d12afa7e62889c1bd4809a70d3fceefaa42b1f3ad46d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP
| MD5 | 944c623a9cb6229e55d19e8006b0a439 |
| SHA1 | a1ffd8494ac62e026d1629fde0dad6d5c741dcf5 |
| SHA256 | df0b725666d63b84f23040264927ff08c64fd296fada15546f5d29df50d5f30d |
| SHA512 | 7912197c0c20e9323c5d75398d028114758de467ab65936269bba61e2ef683ba5833eef57a23fcd25b6e3c29422b3683ea16a458a6bea4056dc0a8b540b4c6c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae8dce97ffc55e26eabd9a88dbdac828 |
| SHA1 | 73d86ac694189e9418200fccbb250774e5dacf1e |
| SHA256 | b00052f2a332f94c318cad9c8406f9f5b3fda3067fde614cd3daa376af439751 |
| SHA512 | 341952a0742aa583c65f590fab6dee77265adaeb00c3ecd32d8f7a53c6b1d080166cf7fee6fc4c5910f40add021f87bdeb09c0a0286895269310cfcdd54f0952 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 66db3b2874038e74c7a20d0ac534136a |
| SHA1 | 1976c86b3a0c48edfb68d8a6cbdbdfffa84f96c4 |
| SHA256 | 47735a7e913d5476989eb8af4596f7143289d84bf19e6ead7c15ffacb72d93f2 |
| SHA512 | 216cca8a17f9069392b09f3e6ad1fa4172cd25ffd10e7a2b8d01091c106cac33d54e381bcfc957a5eabd7ce456dc72b984b5b809863297652c9cf31684f5944b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7be4957bab796ca44010010641ad8c5c |
| SHA1 | e65552df948049efc1232a25e33f85138a0b17db |
| SHA256 | 5f05183b5a36bfa9f49ed7ca83c1821bbe2af1c8b9ebc1d7e36e5620d4dc7ebb |
| SHA512 | 09b49f57405815ecb74653ee84376ab623e58b069231535eb4b5fefb53f80130615a86adf0afd6408ac3ec97b30bd3cd2209405f7411f65ec3c5b4ee388cff38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | abf08f7b9cfaba86bc5df9dbb45a39e7 |
| SHA1 | 16bfea8680d5730d44dea8a9ac8be6555494f0b2 |
| SHA256 | 99d48f7ace2a539c7667ffd09cf70102040234045e68e80de57d5667beb0bbc5 |
| SHA512 | d31921581bd68b1ea20e68796e2ae60b2a7a108336abfa69c618516c800a8f2ab7beeb90fdce36b95b22daf49de03ff14e9e01044340ee68f012e348a6c79f12 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:34
Platform
android-x64-arm64-20240624-en
Max time kernel
134s
Max time network
148s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 92.123.128.149:80 | r11.i.lencr.org | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| GB | 104.86.110.83:443 | js.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 18.244.155.22:443 | roblox-api.arkoselabs.com | tcp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| GB | 2.23.210.103:443 | images.rbxcdn.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| GB | 216.137.44.38:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 2.23.210.103:443 | images.rbxcdn.com | tcp |
| GB | 2.23.210.103:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.200.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | aws-eu-central-1a-lms.rbx.com | udp |
| US | 1.1.1.1:53 | ams2-128-116-21-3.roblox.com | udp |
| DE | 54.93.128.66:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 1.1.1.1:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 1.1.1.1:53 | lga2-128-116-32-3.roblox.com | udp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 1.1.1.1:53 | aws-us-west-1c-lms.rbx.com | udp |
| US | 1.1.1.1:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 1.1.1.1:53 | lax4-128-116-63-3.roblox.com | udp |
| US | 151.101.1.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 13.57.45.211:443 | aws-us-west-1c-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | c0.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| US | 128.116.63.3:443 | lax4-128-116-63-3.roblox.com | tcp |
| GB | 52.84.90.6:443 | c0.rbxcdn.com | tcp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 142.250.178.14:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.200:443 | r3---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.200:443 | r3---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigzrn7z.gvt1.com | udp |
| GB | 173.194.135.105:443 | r4---sn-aigzrn7z.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnsl.gvt1.com | udp |
| GB | 74.125.168.234:443 | r5---sn-aigzrnsl.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.202:443 | r5---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.10:443 | r5---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.198:443 | r1---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.6:443 | r1---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.199:443 | r2---sn-aigzrn7d.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7e.gvt1.com | udp |
| GB | 173.194.5.42:443 | r5---sn-aigzrn7e.gvt1.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
Files
files/dom-0.html
| MD5 | 8270ea307fbec732631735ec1970099f |
| SHA1 | 538c1a8f85cd0b0782eebe9a26bfbd867d5c1e51 |
| SHA256 | 8f335fc92e629da2c2baf053c92211802feda0578b6233d04fce1e0719ceccd4 |
| SHA512 | b0a86b026696ec364d31b07819086681f6c54f736fb55eb0756e2821806b11efcb9401b82ff03709d6b46aff02f3925ef51e25ea1dddc49875135d1aa6548971 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-02 07:31
Reported
2024-09-02 07:34
Platform
android-x86-arm-20240624-en
Max time kernel
129s
Max time network
138s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | www.roblox.com.bi | udp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | r11.i.lencr.org | udp |
| GB | 88.221.135.3:80 | r11.i.lencr.org | tcp |
| US | 1.1.1.1:53 | css.rbxcdn.com | udp |
| US | 1.1.1.1:53 | static.rbxcdn.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | static.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | static.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | js.rbxcdn.com | udp |
| US | 1.1.1.1:53 | roblox.com | udp |
| US | 1.1.1.1:53 | roblox-api.arkoselabs.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.6:443 | js.rbxcdn.com | tcp |
| GB | 18.244.155.18:443 | roblox-api.arkoselabs.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 1.1.1.1:53 | tr.rbxcdn.com | udp |
| US | 1.1.1.1:53 | images.rbxcdn.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 92.123.140.8:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| US | 1.1.1.1:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | ecsv2.roblox.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 1.1.1.1:53 | aws-eu-central-1a-lms.rbx.com | udp |
| DE | 54.93.128.66:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| US | 1.1.1.1:53 | pulsar.roblox.com | udp |
| US | 1.1.1.1:53 | ord2-128-116-101-3.roblox.com | udp |
| US | 1.1.1.1:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 1.1.1.1:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 1.1.1.1:53 | atl1-128-116-99-3.roblox.com | udp |
| US | 1.1.1.1:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 1.1.1.1:53 | gold.roblox.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 1.1.1.1:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 128.116.101.3:443 | ord2-128-116-101-3.roblox.com | tcp |
| US | 1.1.1.1:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 128.116.99.3:443 | atl1-128-116-99-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| FR | 128.116.122.3:443 | gold.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.179.226:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.187.193:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.14:443 | android.apis.google.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 216.58.213.10:443 | tcp |
Files
files/dom-0.html
| MD5 | 00b9be88d2e59a9bd072a742504e96ab |
| SHA1 | f17b04c5be8b58186fd62763e2717c7efb4b2a9b |
| SHA256 | 58583289da022b03d9b63f4eb6b1b0c5bf043708b11ccba043d8c20c6177248c |
| SHA512 | 92de5b23b66da40f41273c24b1d1b1edd43c4baca2eff05ccf67a0b860ab19e7af86361f5c07596e259f2255263a9522dfbcbbed256f6d1a5e3d7d381a64ceeb |