Malware Analysis Report

2024-10-19 11:15

Sample ID 240902-jcgxksvgmn
Target https://www.roblox.com.bi/users/5445740091/profile
Tags
evasion discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.

Malicious Activity Summary

evasion discovery

Drops file in Windows directory

Resource Forking

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Checks CPU information

Checks memory information

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-02 07:31

Signatures

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:33

Platform

macos-20240711.1-en

Max time kernel

149s

Max time network

153s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer N/A N/A
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
N/A /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/usr/libexec/pkreporter

[/usr/libexec/pkreporter]

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd

[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged

[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=28]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=280279736 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=62]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=280348023 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=62]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=289225564 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=71]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=290033468 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=290125103 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=290325524 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=74]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=87]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=95]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=95]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update --system]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=76]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=311471402 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=117]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=122]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=331918973 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=124]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=123]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,13658923804616907055,16136190979485442825,131072 --seatbelt-client=119]

Network

Country Destination Domain Proto
GB 184.85.51.234:443 tcp
US 8.8.8.8:53 41-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 3-courier.push.apple.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 www.roblox.com.bi udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 92.123.143.113:80 r11.i.lencr.org tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 34.104.35.123:80 tcp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
GB 2.18.109.84:443 tcp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
GB 142.250.180.10:443 optimizationguide-pa.googleapis.com tcp
GB 142.250.178.3:80 www.gstatic.com tcp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 24-courier.push.apple.com udp
GB 142.250.180.10:443 optimizationguide-pa.googleapis.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 tcp
NL 18.239.83.69:443 tcp
NL 18.239.83.69:443 tcp
NL 18.239.83.69:443 tcp
NL 18.239.83.69:443 tcp
NL 18.239.18.116:443 tcp
NL 18.239.18.116:443 tcp
GB 173.222.211.33:443 tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 tcp
NL 18.239.18.116:443 static.rbxcdn.com tcp
GB 173.222.211.33:443 tcp
GB 173.222.211.33:443 tcp
GB 173.222.211.33:443 tcp
NL 18.239.50.59:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
NL 18.239.50.59:443 udp
GB 128.116.119.4:443 roblox.com tcp
NL 18.239.94.64:443 images.rbxcdn.com tcp
NL 18.239.94.64:443 tcp
NL 18.239.94.64:443 tcp
GB 128.116.119.4:443 tcp
NL 18.239.94.64:443 tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
NL 18.239.94.64:443 tcp
GB 142.250.178.8:443 ssl.google-analytics.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 52.21.2.64:443 aws-us-east-1c-lms.rbx.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
NL 108.156.60.108:443 c0aws.rbxcdn.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 173.222.211.41:443 c0ak.rbxcdn.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
SG 128.116.50.3:443 tcp
GB 142.250.178.2:443 ep1.adtrafficquality.google tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
GB 172.217.169.67:443 beacons.gcp.gvt2.com tcp
IL 34.165.122.223:443 e2c63.gcp.gvt2.com tcp

Files

/tmp/com.google.Keystone/.keystone_system_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Keychains/login.keychain-db

MD5 b9575b87a45979d0efd5460c4d0bc1b4
SHA1 8cfa85c8682bfaecffdefb48b6183dceb6755e22
SHA256 d8f751f99675c4d31d552bc0aa6c2ba2765b3a41a694c3f7a9ea5925f8b29f3d
SHA512 bc7aec72d2c76793b02b3d7779e71936d19385670d21c4367f8f55af8c8802fb1141a0d64a9e6ed43dbf8dc9e9bfd4dedc58b1994ea1a72a3c77aecd3198d2ee

/Users/run/Library/Keychains/login.keychain-db

MD5 5b5f9de7d783ee06a5ea6517d1c420df
SHA1 541fca27fb23de5614530320c89b52d08216d87f
SHA256 9641dad71e53886818dfd7478d2ee2c5cb913782fa0345765943c066412d5ea0
SHA512 1881694134b63ff3b55695bce2abb657318381762f3046a533c3f3fc373d01b7538d2247422b76f208c6cd052dbcb1c8c18399543bba6973274c3325b2084b78

/Users/run/Library/Keychains/login.keychain-db

MD5 cf015591f14862dfdf3f7a98f85be565
SHA1 881bd30ccce32da21fa719d37a2b824fd099eb7c
SHA256 f15e8c85630c13c1b7a7e05926ee745eea7ee886ee0f949a2881600694fd244c
SHA512 7495a4328b56cfef4e6ae6655a0d6ffd7224d3277a01c990ce5f612991a711256b9bdf357f4f7d4a8b394de645b66b261d0f2b1690f777fbe33a561a3ee31c8d

/Users/run/Library/Keychains/login.keychain-db

MD5 4a10ea6c4b585d2f831f56bdcf3c455b
SHA1 3bcba69545ead1263a369577ea570f1f91053260
SHA256 b9b3d4eb2c016429d77374874caf5decbc1d8aed68d18b872e68d47fb301a0c0
SHA512 ee891bdd05e7aba1bf84cf2538e95f0f1a8c0a4b17453016a8460bdfb4bd30de590a7a85373617c73ddcc1801d5ca6c445a4adecb55138433327cee4a2f326e7

/Users/run/Library/Keychains/login.keychain-db

MD5 0693d8596680a66202d15bff8360a0e6
SHA1 4494a7ba806914c041df7814cfa63be25ee2d9ea
SHA256 acc612f510943c9928b073ab0f882db83085f4445605851931090ebe7cda0c4d
SHA512 f6d4e41c4f92ba581f1e976fe61cb4d718755955a2a68f254197219fe63d265325dba2527a19c55f5edc35c0018f3befdac874a03357a762de8f1ef68098f2ed

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/Users/run/Library/Keychains/login.keychain-db

MD5 4314e7c34f93d934740936839e8d2fee
SHA1 441705a344dc633be42d20d9e9e2fac01d9e5a62
SHA256 2fcc0da5eef8fa3abfb01d8c0223e274bffadabd7963a049a4131f60c931bb1b
SHA512 5b71ad945b7abdf36ac02af748a674f87519e1b228fbc0a188e02c8546d62165e4fd3470f72d82dfdf93fca91f5159e9814424dc877267aa80f068ca37f2e56b

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.jXfuH0

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 17a2dc5826aeb539547f00f52eccccd5
SHA1 fd36ad6db84312792cffac0267f6329b21727d66
SHA256 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151
SHA512 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 ea517aa120c972c602673d331dfa35bc
SHA1 7ff539eec544cf306b80137bc182fb544e58aad5
SHA256 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da
SHA512 e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirJgDQWP/CRX_INSTALL/images/icon_16.png

MD5 344554d96e418120bd80ef5de5194697
SHA1 23e141c3a6ce368acc1c299f062ab85914bcb17e
SHA256 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
SHA512 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

MD5 6eebed29e6a6301e92a9b8b347807f5f
SHA1 65dfb69b650560551110b33dcba50b25e5b876de
SHA256 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
SHA512 fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/ef2a1dfe-b561-4383-ad09-6d0e9f70f63e

MD5 5adf364735dcbe6bf26ebe3f705c9dbc
SHA1 a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46
SHA256 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340
SHA512 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/11db5c02-2436-4a75-803a-0edbc7729b27/model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.4sq07b/obedbbhbpmojnkanicioggnmelmoomoc_20240823.667410168.14_all_ENGB500000_bjx5pfk22zvlrg74ds2zbjubhi.crx3

MD5 fc8c03bc80a915b437a42a43903fc760
SHA1 a4be247fb11ef9d7ec5a52514cfe3f729fb16b4e
SHA256 146b6a960bcc2c889ba06b8fcca482c04e53e66db6913d32d482aacc1016811f
SHA512 53facf49e100ba0a423f93e81b600a68aa54af1280edb8e39bb785bc0c418f3b5ca6f8a8b313bcf652687b490ed71ef0dbb07c4794b22613aca68b2a4556d606

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.0R0r36/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

MD5 72326a22c279498851ae0331f64c001d
SHA1 ed2e9811491e6dcb047cdc5ff8c20f75091c1f99
SHA256 2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541
SHA512 c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MIqxei/lmelglejhemejginpboagddgdfbepgmp_463_all_ZZ_j2yapcm2iwsjsw3vspibzp4cee.crx3

MD5 b2dafe25aea793b54de2becceb187c6d
SHA1 c161e609d50f79ac43b26bc3ac501c06ee1f98b7
SHA256 e063c32d4a54071d6da859af231054da97b092113b2ba9fa61ef88bc5714c71a
SHA512 9e0f302be1762e886cc3891933276269905dd539b706bfc4a77bf97251409d3c1496495936531ad6c37f4309fa5f7e68c93fe973ad5fa8b82a3b60eac7f88305

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Mdt9Fe/7_all_sslErrorAssistant.crx3

MD5 636c653ec2c30bb767533901a18669b2
SHA1 4b5a01cfea4c5deb62f3aafa01ef24265613b844
SHA256 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a
SHA512 a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.1eemjM/jflookgnkcckhobaglndicnbbgbonegd_3040_all_j6kvwuv5hzxeixor5sxkklnez4.crx3

MD5 74380408f0ea043c6c7b97ac9317a0a7
SHA1 f54af3671a592aa5948039563e358474e50886b4
SHA256 2615170554f3293586bc51fabc3cbf3d6058b396f1bb0252eb4bf9c25e6481c0
SHA512 7510500d90fc86956cfbcb1f5f207dd3ededf80ee04c2ab2f09838967d73872c51879b60edc35c7ecc8a53d49cf564e9c2fd51b263f04f846d149f3db941962c

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.gV5CnE/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

MD5 cb79d407a4d6d8526b42060b9210b5c2
SHA1 331e3d66e82e130042897faf86dcbd05d7b227f1
SHA256 e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165
SHA512 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.smyiV5/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3

MD5 667e9eec04509aa9e2b318f580addd8c
SHA1 346267ecad10c54de52a3aeb766ea72449500326
SHA256 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f
SHA512 a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.mz7GgU/hfnkpimlhhgieaddgfemjhofmfblmnib_9080_all_adyqmz5d7zknugejsqqetolhvjqq.crx3

MD5 a2e8576c93481396bf37747a2308fb89
SHA1 eeb4826f10a66e9c8a5a811bf488c35a3e00b0f6
SHA256 34c9e8727957f05b0fb1d6c61bdd7cef50b2293169e6ab31e3c54d8db8f0ef6a
SHA512 202539d71cebc2bbda5142616b07564fa94231ce1f969b0ec8b914d7a91e92d0916c2044c7264739d076d936dca04f9f86f9b0c16cf37dd2e4c797fc8a943451

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ym9K0w/eeigpngbgcognadeebkilcpcaedhellh_2024.07.12.235938_all_a6r64uyugl6fjh3lupjqo6w7ai.crx3

MD5 5e35055aa7583eb7c42b10833763abab
SHA1 a8285a121e4cceb3cfb6b53827bd1cd3682af862
SHA256 8814cb6cab024b119ab991ad7acd74f4df7bc68bbf86c0903c8be9852a5baa55
SHA512 79006925696ac264d2801fd41fe632e5c2c9261a285d4e7a4368782f682cfadc6cac2b83835904a28c4734544b2b4230d720f81b7a2ee4c4782562a53858d952

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8aSq9r/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3

MD5 ba0c44cdcbb9f1a8b1b2cbed95346caa
SHA1 c9a5e9df64b46db7bf44b091da1c5553137bff55
SHA256 3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948
SHA512 61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.RkZPL0/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3

MD5 49ead9b7d2b2ec477daba795de846db0
SHA1 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc
SHA256 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a
SHA512 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 747aa28b0cd626aa74f13383e16c59b0
SHA1 3f5cd2c7ad99c897cf431c25668455c6763cb03a
SHA256 06d3c57937e01b95f221e88255157da76263d3bb8c606cc1836c3697d0461e78
SHA512 12722880a10b20b86c76f5ce5fd09043d0de8d47b37a4f694789fb20fd662379d9b8728a38741094f0a99d9f6f653daf25a6309768977eb2fe39fa8ff129dca7

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 81e74c038daac3120f8c795d461a3b09
SHA1 0c8e95f1425c99796806bc373f28026de00b4ea0
SHA256 c90c39251b926cd310340c81e403c615bd0a8ce335a2ce1bd03db92ae1e87af3
SHA512 c30e6d3fb02184400ce687a018ff0b811285897ccb57a9c00bd694ec5e4b1e723c2388501ec5963e28ef5c94abcaf979c25b9597308c3adc91bcf692d94e5a79

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B2tpPT/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 3b02161d6040790a2fe9a816b80b736a
SHA1 eaa9d64d4abce5aca8c81b7e56bc5ea174e6eaf3
SHA256 34a2eecb9c6c696a3093b4ea13f45899dfc1f095c102dd97a6f359c505add23e
SHA512 ebc4934a56d871a1797c65758064ad4c109637d6435492a9f65281d06df2e4ed7d98a92ed15dd8b3d529d5a7a223edd3e025a625eea6be0087dec07f0a044eb0

/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite

MD5 a9803d560544e4d1fe551b2c113c5370
SHA1 a998fdb1e80dbca61267db112812a7ee34b82dce
SHA256 d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72
SHA512 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.aqthFU/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

MD5 2db7e78c310ca8e73c069a604eac4d99
SHA1 a6d1e03514f8eba03ab81f1380fc54aaded823b6
SHA256 cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
SHA512 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data

MD5 c5e30274fe7b93847f6d7c02410d1209
SHA1 488a49f38459f29e110c706c51b61ca1ae3b0e26
SHA256 e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea
SHA512 bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.8A7Did/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3

MD5 a40c655b337e082c76b6ab04042b7ae0
SHA1 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8
SHA256 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff
SHA512 fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.kSAefj/efniojlnjndmcbiieegkicadnoecjjef_1062_all_adeocrbltt6ccaniukpklryf3ibq.crx3

MD5 58177ccd3bf9e82220c0d4677e677171
SHA1 d5d2a3cd1576b65db1984f196654252352b76223
SHA256 22da50bca40ebd9dcf90d85dbf17a7eedfde0229b0a64e30ee55fbd960a3e47d
SHA512 4ada72196a0aee1d67523008fb1c9a8726c17a79f6df6b721c449389090f679cd1e33545a478998268ff51a0d0096ce5073151523c76fa4b9c32ce728ed73851

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Ityjfk/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3

MD5 91e1255f92fc76b16509bbd174a992b5
SHA1 44cbc6b7b60470149850d375f2e2ae95cf1c012b
SHA256 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744
SHA512 ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 91a8d56c19e60520cf00b78a506b87f0
SHA1 a794be44a680983ac0f87b1faedf064a65016623
SHA256 b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29
SHA512 efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 ba83248e2c0e5300f2b6bcfc07f7b4ba
SHA1 2b7b9edbf705b87e2d3b767ee5e623ed39df3d67
SHA256 e46ce1666bf6f9fb5601402179d42b06892a6498ac875101d9321af2292c3cc3
SHA512 9e8031aa93348265bf30552bbb581fedf7cca65739fdddb224495ceb0a7788d9877aac82f4fc6eb215041affa9c038a8846967a1cda9733f6dbfa87dde2aeca1

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MFlF99/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 72e01c325a6ce1fcc89c7d560f4894d7
SHA1 ee5d42b804dba3e9c64648eae6d5f0b3be056cc7
SHA256 846b8c5c95f9840c5003a9421ad86c2cf8e517d677ad88eea639a3850c988e99
SHA512 d4e043340334bd5b56d8a1df174b84f345651d69785aa9c0537adca09ac80d2cebe6933aa2bd60db66f172debc3f6be624934ddb915bebd9f99ba6c47c9aaf08

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.JYGLsK/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.08.10.00_all_ngbcdbf23y5deox6qfrqcyni5e.crx3

MD5 b22ee22c7bdc09a81df6804e2843ca2d
SHA1 e8b4df8defd371e9af3e053681c7c54cabd29544
SHA256 dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4
SHA512 cfd33ea1156241d56157d5381c48be65e80290ac5bcb541c0aae0ebb3e8010bd6eba8f74c77a37a17acf9b5a1c2c0090b61b146385689344c34de4ff7c0c704f

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:33

Platform

win7-20240705-en

Max time kernel

122s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000000ef96bd5f12822acda480b120b40f5f53148726f885c9beaefafaf7bdc95c008000000000e80000000020000200000006272a289b830853fda084c9baac2c98c2dbbbc9b27518d6950eebc074d50f95f20000000baa0998100a3c1f7629bdf58ba583e11aa5b0dbc8264188916c887591a3f0be640000000a521e44833850012db934280decaf949b9e238ab754347319d72d9e07c5dd60b3f107b579043507b3183704174d65e9441ba7db1fb7bcfa4ff6cb90ea2a6bfea C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000522fcf9a3348f20927632ee6efabcef1c2817e0bfab561812846005cc183a224000000000e80000000020000200000006af50ae2c1db9638fbf5ab0f0910a2f7be163f8dd6d5a3774c52d11b44724c8c90000000985afa25bc8ab40b2ccc5290e7be31af969ffe9bbe48de2b34959902ea841f24e6552dd9402b4d9ee82982e5700ddf610d06bbef2ba9740b4a3789d85b3e2e19708a56614f268cc0a62776737944aabeee816822646daff0415a66dadb9574d41bac6c04b11eb93d0867ba7f35a5d290513eb111dfd54f2daaab79efff20a0edeee73a89d9a162f69247522c558ecd8a40000000c63d834203f56f12eb2d81d3cb0a4a19bc670afc68a62565dd32650adbac3c159cec6468940f80912078637110294d875101b01fe8b473bc484768c0fde85503 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703326340afdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "77" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431424151" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.i.lencr.org udp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 92.123.143.123:80 r11.i.lencr.org tcp
GB 92.123.143.113:80 r11.i.lencr.org tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 173.222.211.9:80 r11.o.lencr.org tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
NL 18.239.18.35:443 static.rbxcdn.com tcp
NL 18.239.18.35:443 static.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 128.116.119.4:443 roblox.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
NL 18.65.39.50:443 js.rbxcdn.com tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
GB 216.58.201.104:443 ssl.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.178.2:443 ep1.adtrafficquality.google tcp
GB 142.250.178.2:443 ep1.adtrafficquality.google tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 173.222.211.50:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 104.115.33.219:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabC81.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarC84.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 faddf4e82e52c031e2bac43d4858fad7
SHA1 ceeadeaf9066d00e3eafde5a03c5c63e107002f7
SHA256 6727effe75780bbfec04f987105db3d55f02895768e22ffb0e01be4eeab26725
SHA512 ce87994b9a859bdd07a30efb11b476201e9dc3db3f92f3c758cebbd4d4cab7a41425efd75b3dfe065bc474706ed14f36754a53b14117c09c6f17bc10e3d991b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 a2b0e314204260e9d2d832d594140246
SHA1 2008321d4dc02c65591a39576204d6875ecee8d2
SHA256 d8b7e978f9d9b968af88dfa63e3acd94dc0b7061b9471c342dcef86649e54c41
SHA512 c27974df42367b69c72e12fb528462b29756e5e78b15ef91dc692b5918300adb6d02a68dafa6d2f6d503da7691969ca9e7a8b7eae0a643a4d54e6a520fdfde45

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 c560e49dd961b587aae48b7d36298a95
SHA1 f90f2b37837b18c0889a487bfe81b0cdd459e082
SHA256 177e70f36aa9d2f20f54ac9476d87b6de0981039e732e42d58d6b5e647202448
SHA512 d3ef1157131c09390b36e2301aad3f54c3cbab7594ace9a6657bc555ce733386ed207a96128b44d8f2fab95154c4862c58cfdbac85a7e31b70d74418ded8f590

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e0423320db99923f04a2516e42752cf
SHA1 00a1d655f99ebc47f0c8fbede10f8453b535c43a
SHA256 b830141eeca98a210d227f95ea98cd5887978fe3fcd7737a20193af186a5ae25
SHA512 706998c0320e95ee929a54886854fcede85ec9445f975448ec9c79278f383712fd939a9054816bc678805a73412c1f54567bdaf697046c1f25844929b498e300

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 6de9943051e1e7b85622b90afedb7982
SHA1 b75b43051943bd90d93a3bf31068e8ed49dedc95
SHA256 acdff0ac5844b1a1aaa9023530b5973f7d5f6a4b58b33d4b4bbf8202c5cdd30c
SHA512 3d8b09a62ab76bf7837853eb05fb6e5e2d5f533620cd9217dfebb8736419e1af0dc8c89187a9301e016b1ddd9f6ff90b2c6d2ceea2d811f414df5c7e20144267

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfae84a330172045e5c90dd8763420b4
SHA1 dbd058949f21838d91228be56db259ea44e9350d
SHA256 1428cc10fcfb7d3acfd67de4d9476fefe2beae628b96515d766422b3a2fc4494
SHA512 c28dd74d148f83630f21aba18787c73fb66339f93bf2c763150e55c2c7df40c5a3daf77b9654f97746c5b22f2e32791f07a1c0aaaef5be4585961b22d495dc49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3236b48ef17f6a2888549bf4718116a
SHA1 3e38f686820929a41cd762ecf06a03f3ccefc48b
SHA256 5980e00f33fab810cf551f3884c8ce519eef597114a5bed18cb7e64999927465
SHA512 d6c61f3b160738cdc5fc42460502e874d121ab39bd28e5771d34b7676b3aa58a09841254e273de133598c178d11212d42f67463b0b5af9504f812e88912a298d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 0a8af51caf4444c3745c0d88b8a97513
SHA1 2c52688f1202c9c7120cd05e633b9d28b0104cca
SHA256 1d47f45e7d68d43bf4d1d4e590f477ccaa2e0078123db62abc7185a53b4376c3
SHA512 e110a5d0d2f6a85fcae18ff6d8561c2276fda0810b1bdffb55ba9da499c5684536ed526bd3625e3feea8a6195217a94f7cd7e6b21c704f17295199e17f8cc116

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 998c51304fee11623430743495c1185a
SHA1 ee6d6bbe8646635b62ce030c177bb56602aeb736
SHA256 f546841a74a880b5c7f6713aa12a7dc0edee1265fb59416389f83327234337a6
SHA512 4c3e24fba9fa1b1c240522cc16a58d1d5ee8e2abc0a7dd5a3aa5062702c319f135abf4621080f1313b88edd2517b17cf29760da40e7b7622490e3a86270a0d69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 da79160705f9d05cae67a9058568c00e
SHA1 d173eb939cfed2094e58e9bbfc20cfaf9f2a8fa1
SHA256 6f82c4082a2b73aace563cd6a0967d892cb60ee87463df34b9a125994097ea1e
SHA512 f97906319f4f4a2aff34931a255373b3ace6721875f2030affbe737e0d3dfae07814a9593e4c610c1ff62c5f07adb6a8df2797f92d4dbddb8453b378258d0d0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6420120904600b996919277932b02b81
SHA1 ee0b5eb7dd0ff95e31480f58c19e6dc4a1e88364
SHA256 f9b1a13739055a54b50a2ca874b588e42872ce1a1d85e60e5279d0e6e33a47b9
SHA512 57ac19b737ae5119b0469eb2b8ac6149ec0c9f5c98a46416f2260df60cf8643648301d0034b909634e65b5dc7396f4bff97d2de3e50a56ce6e84addd4836945b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2aeb4cb65cdf208f2e9b1ebe7b44614
SHA1 f26b13508ebacfffa2bc487496b21f1b186d3cae
SHA256 682c72dc4a5702d95a61b466b0416032d6c9650b3cd5a03dc50f6f18d2c47222
SHA512 4751c2b6df586fc5b20cf50f1ede6cf11ff4a9eead81ce0112e1db1795733ace432567902a3d0b995a48443a94c8dbb8364a6430611bdb60dbf70f2f5ce111e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2f5dd4d867f5311fbd9ae9951323e68
SHA1 ceaa6965dcf2c97ea25c754ea8e3c93c5b6a6a5d
SHA256 b80ced390544dd08379edec68b829cbb07d94911757a130874515685b71532c0
SHA512 7a0c0827e33b2f080d9a157f758111b4c72bbca315928d08eb296fdaef98db7611b7bbd4b19f6f285254acb3dbccd7bed71473c9a0e8817e9262a902a06b9837

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e280e6ae86f8aa9f8ea4d3c583dff77a
SHA1 e776aba21a052dc60128d8915429dcedc2b8cc8a
SHA256 8cc122bb2ed6afbc1a8d4bbdc988ed1465d3f1e731910bbb7577e19cd400d822
SHA512 9b9528c964e81f519bcf93f3185b8e2cf52708919ecfa7041a3f2a0b8fb7f5d7455ea9af760d8b7cbc150e6efb4904a6dbd8e9ae59f21684df929beeb2de0f49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecf9317d2d5122b5c91b1fbb34c697ad
SHA1 2fb88d215f459f4a52ab6146abbc4abdbdf18df8
SHA256 11ebdc33c479f186e2385b3242dc111f111c71ea0537c9ed7ea4157c3986f1e2
SHA512 6f24993c5c11937d7873ad6928b7c4e54abd8580f031d77ecbb56b47d865b5bb71bcb0091e4ad6c855a85f84abb861502baf20c45cab8ec2cf822e217975793d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c0acda6bf07ea46455109570b5c1a52
SHA1 3710dbaea697d0d32ebd0b4967d99bbebf132ef1
SHA256 3a3f0a660060b6af7a67fb2703fda8eccf4f3bf09435a32390756c56148e1d28
SHA512 54e91168a410e3c0e0ac5c55a82fa5c85c0ccc318f3e3348d5a14efb65c5e188d3fe954467764356de10d91fd6a3096d514e92941df5df3998e021a7f8ba503e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d93f313ba0ae740727cf32a913d99cb9
SHA1 221a5d0632d8c172996e2ef0b6032718f56183ff
SHA256 5c11427f6fdd8bbfd91f3bb8270ece7b5cacae93e37d6e3a59e14fa7d40544b6
SHA512 675e26efa20d9acf2f989699d74b650674085d11fad65484e48e22af32376b1d4d9792e91ec28b8e846929736d4e7f3e992abd8c92d876581a6b6c5c8a999316

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2193bd3ddfc9a1c7b2d5ef5882186e7f
SHA1 6935270fc229262da19dd47bd761fd7a7176c293
SHA256 735abdd1c1921e0991304b716dbdf6a62f18ecefcb1b45ab6b21b5647a77785b
SHA512 1f9b799bad3a307fe5f19ec513324bd3971f8af3017502ce41820d3abd5949874d36bd7f65f3132422124734a4bb4fa671c90889f7c7670412622b85dfde0b51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 600abd732c0fb4abe064ad16c041ab39
SHA1 b68f09ce6fe1cfad50dd7bba678531df10b0669c
SHA256 2349323c1f8ccddd787849800247e2eb36f0305f5db62dca71773347dc6fb98b
SHA512 5802663633b0b4b75f031319ddb14af7a47f00473ece70578f111eff0eecaf32cb54b41f48f6f3d10d28889684f1c9f79c776af625a42cd61895e777f7757449

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 5136c0da506ea611c3629be2b948ac1d
SHA1 cb7d7e39ff124b8196c24c4ec74220eb22ade0dc
SHA256 8e14d92b2be793376ab22ed36cf243e33cde142d3eb05cd3acc1e7c787a021ed
SHA512 09cacf7c9f89e3f705135c1ba7ff964a28875cd2b70506d0220924bb4e301ab50af9a40aa609c1c917fb036c8cfc861ebb7cfcbeade57f44d5c0c89f0666c86e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 9ff3f0fca6c4a236f58309897da71ac3
SHA1 1decedbefff9821fc0834a1f5c84c917ee87e668
SHA256 2e34198c4eb2c7bc40203798f74227b107460d1fe7ff4629e7886a7262e30e02
SHA512 659e4119f706c9c6ed36bcc55e388caa0f4a9ba968f5e5038f277666f574ab90d0bc686a18a8a97f3df98fe771f204cf5e5ff80dc244bae387205b09f00deade

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 09cb6452f2b3211c61c77f35b24efd87
SHA1 9db59ed75db1e89c152ceedcf0726253a4baa33e
SHA256 7f922db9fb7278a41289178e42eb97065ef885353744c12ebd8e83771468c6e1
SHA512 0d66e3dcfff089d1e9fe1c90f0200ff35d729f811c6ec7ced8f6e03583c5dca06ae5181f002a05e16175e09c0091671ab6d2c254990861f29d780414ed36c7b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 ed4a3b5c18b1d844aef5c6a1adde698d
SHA1 72140e9aa03d87d8c90e1f20db03886d98484bf2
SHA256 e7386bf691df2f47f4bc827a87299e713ff85d708fe22ad3110d5f6119e43e68
SHA512 a74bf70d7a669eee5987b764891bb394d5356b3616beaffe5eebc06a64003c550427b7c8b31bbc46be7f4501ecd12bc2c88b5d38f3d7f6d38ffb8217222cfded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 37f3961a453ec51c2715bf15922b754f
SHA1 a35f095307f3b86f3c32040264e59fc2d06dab28
SHA256 ab305a9e0cd7daf4fbb8fe7247f49cbaacf43e3cb3eea5a50081b0abe7ba4ab6
SHA512 912b7cf0d41a74627a10bf28c024bbe452e723b3a46369c2bac221ad7867eb67a48f7e1679c85cc5cd8809b5d66a5ac34e6116efe9bb169cd6d75f7a9c747b5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 d4576f98cba18c5f042964afe0e061d6
SHA1 6890358761a4f90e9519cbc06cd8f999d80a465d
SHA256 4446d72198a14edfba41616ace6878e1a24aea2beff2e8ed8e71c3e092efa677
SHA512 afd5518f79955ac4bba302606e4baf37291f4242414936407f11b5b00090d8f828b88f326aac7eedc34c224f74f853f7b7d259de2a75a4a096562c9c1ddb4bd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 4a2d3bf5b1d54452e4dcb35f014290aa
SHA1 41fb1a891a3c593f78ae447970613ac18c33dbd4
SHA256 3b3d24f250571d4cc659dc8a9262f7ccdb0892cddacd6765066b62ed97bd313d
SHA512 413c1416221baae0140117ea6f4903afc2605721e22308c723e4a20391ebcfcba3b6d24a12e46fc53f935d2d93a71b532febf47cfe244e0e00cafc4c459b6a95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 73ca4d18997fd071a27e215d5c0a1782
SHA1 9a74dc5e4b2f8f057b2be32f511f3dc49f8745f7
SHA256 4c17182db67ceeb60c7a3e2a6a7bd385e67085d5005aef703123da4495cd6a23
SHA512 09de6fb6216255690ac883be324a10d69392a4e36e0d4de6ed6982f89d39fd87991e7ea2c6dcf5ad7dd424d06e5e14f765d089650df127d0ce4c790c5cc9d553

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 2f36a491e191adc6d4907036b7f94c87
SHA1 ce672522d50060a4bac90d102487252fb26556d8
SHA256 6ce14c1fd1e886d0d367abdc1e428068c3c660031454ffc45e233b87ce9772ef
SHA512 3898b9119a8ba991c53af9680380df661d8f6f990027a6a139d0a3d78ac9f775993d5a7dbc982ee4e2b5a653daf74d662ce2ebd4b9f8c040634ed668b0247200

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 53d960063761d7bd2cbd194171f87efc
SHA1 9489b5a62bb6db70baf986601b959418b11af3fd
SHA256 e676f1064e44d6e4ef91c81c0198cad7b9354f4affa4046799d1bcc982b96be1
SHA512 6a2e783d2990c9fde91e0e68bfb70344ba33c330cc1acd9c5b1b9abb1052a350cd344f28ef9c22c86783ab9fd2a3b0322104e69917029d492b5c9fe1bf68e4bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 85279382451f09cae88197153581e4bf
SHA1 c5ae3709d3a0613aa755785cb33319709ee70255
SHA256 59d75789de2b08bd1a98c0bb37255b526117857f2e1c5490a121911ba113e5cc
SHA512 37e582a0fd0fd64f2bd0ae4798d74f8a52d3829a5119658215cc06db29f95848d229aebbec6d90c501c454fc77903862910a8878be3fca3dcddb80cc16288858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 0d5c6199f5e1717f62545b202071f35d
SHA1 3c0e9e730013f3dd6a31250b3874992076441c46
SHA256 e7b93fe54c2d862f83e25a646ef2b60fb1f33e889683176d809ba16b6749dfa6
SHA512 be4f0e3acff454b717d856f213ea6caa1ffadf43480aa1558fed9eeccb6d711a219f71ba07399ffffddca007b2a00a20bd31d152c68c25e292031fe7f3f294ef

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\api[1].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml

MD5 f73fc9b2fbb83a83fa925e610af17483
SHA1 939e7e216e84e2bfa53d8306ab7e26d4d1c2ddb6
SHA256 30dbe85668ee28d2acfc0fffd5d77b1685bbc5a0d3e26a52d87486662fe136c5
SHA512 46958390f4210d280a6ce34846a9dda1f49eb75f7fc969072e38702c60ac4c6b295eb09e9513fa0c991102cf69dc7235c4db5a1c4b91173df6912e8e485d6ac6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml

MD5 e391874d82358418f00561ca49e5bbea
SHA1 b31eb9a25f89e536ae57225433b5034b39e151e5
SHA256 d76d83e878b303f985ba7d6a126f89a72160085a57abd0c9982e9336cb8b6f8d
SHA512 28389a69d2736206c289414bc62fe58393449d1e25fb2526a7cddd18cd1ef100acf719df1869b14e843c954e5b9173837a8e3666e37d151195467218cdafde77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml

MD5 fa65b0fc290a930cef6a8d0f7f83a950
SHA1 1de4bed07534566928649e6280d89ce010b33296
SHA256 371869a0893244213aae0d0dfd8eea37810207ee074f574cda249d33682158b4
SHA512 1e5e4bc8fb21302b2f1e0647a208ff0d51a12fcb26e8742a84e354775e467d39dfd00a209b5c5f8a7b657173f901f022a0ef1c93f52f5eb1de925c9a1e086bd7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVY7RUMW\js[1].js

MD5 d7823b10ff18cebf05169bf2158fd37a
SHA1 7e68876f0ace6aa04eb7614f121e1930e4239d73
SHA256 719e5929e1a4b74b5cc2489fa64399302cec8dbc3620e38cacbe5f571487f452
SHA512 77eec59d9c341012e90ae219d43e3582a2a304df492d83a49cd509c28b1eea636fff1ebe50c2407b24f5dd12ddb97ec611fa25a859a8e040937f345d800dc56a

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QB4JENMH\www.roblox.com[1].xml

MD5 8bcd458ffd15b1fc5d314cd0ada1c716
SHA1 d079d87d0d2c6f1c639cea84e43583179bb63834
SHA256 a5066ee153357ca0510572a95d790f02a48a7a8c05ab75aec6a9e7629a1e66b6
SHA512 ddd3754751653ac265916c07d12fe5d76a0b28318811950125a57d0fa5f395f042cad66278cd620787a93ae36427f5dc9f184bee7bcd07971345e52407c98451

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1VX38S3F\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat

MD5 2e6703461a4a81bb0c8964f1656a6354
SHA1 ed795cf09e4c43a4c1f8c82872859957757df02f
SHA256 6d9a5608be36f6e1d127704216fd0513384c0949a731debd783f0b4e063dbfb2
SHA512 488262c0819a93978eb05aa95b926d9a8018d0fb364fdf9da09668185ea48a9b3c286b209b6adcf9bfc1ddccd2727bf54a14925d4f2282ec9eca2477ea7bc5a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7299b336519d95da7ebc932b591a1258
SHA1 edbd12fd59b3ecbb73f0fb165f9313ccd6792617
SHA256 151b37b03253707b0971250858f5f9e077c82aae710e9c7600fc44c876768149
SHA512 cd2b5449e8310c60a5cded86e8ffa65d31cc360a64b51ada1404640db6cf9d97698f002426fe176aae2dc742ce99b218fb0a048766b75d32588b0b94017cf5e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0580a21315d62bf8d0fff7282524624d
SHA1 cfdb483aa87d3fe397ff7e3cdd4e8756df7fe7cf
SHA256 f2b497cef29c346247184412ff9b4dd1a6edb78328e8308715876f31b5d67c3d
SHA512 e2249feb23cc8aacbef7c8f509a30b45048e6f56cf1d9f2f27e14d8c95ab5f7a0bdd284c73525798e5327c4c6bacab297b9bb2ab65b5248208d9c0e51ced8d26

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c4de1fe46ac962e6c8779531d4561a8e
SHA1 4e4c4f9bb84d99cd73affea66cf90d247bb956c0
SHA256 8b421878a3e732dc66eb00867da63b2ca317d8615548331d146f9a0e3dd7752b
SHA512 d1cf060b12385cb78d2f9cf39969af648a06b2e68478439df4716775aad657adb843b74ae26a79e1d069c762d1ae8ff11f30c3754ba805740167a8214c18d27d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 988e4d07f6c1e70abf50ee807509f419
SHA1 d41e321337aad66048503abbde913caf66d14f91
SHA256 9f96a907a2ad1ce181977f19831e6b2f5cc02698f920414462d0378dc98c38ca
SHA512 cc538b5ef535b71bc623c5db5f444c97c4c865124a7a275badce466a1a95b0578bff87b2d92855ec544da658595a864c7419aa259037081589fac06639c3129f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 257bffac99eb14470e53274f9b4d65ca
SHA1 4ea1ed3feaf1936be08579c6857a1b80d3f4016f
SHA256 169085625925eaee319ceee0e1ef4c291daed556e324a43fb0868402cd7dbc63
SHA512 cb0d300b6d22d46078ed36e271c4f5e00043ea56458c3097da58fc644e7ad199a3ae8d1dbca25198c20d40265bff759a7f0e2b47490bd4eced4d2913867b8db9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 98016a964f3db8547ee125d53b1e4ce5
SHA1 46d353f39f8d3e6ed55f73800a90d8faacbec5af
SHA256 ebbbff87a25c17d22bbdbe0679fd62e6e51e797dca5513cdba7af4c9e5351d64
SHA512 1ceddf1de015e857faa54fea12b7c2f96e2120550bf61afcedeea47ce300a8f15c08054910232f2ef7960ae2e0764a0c8efdeb91519f34633e1bad78af4de6f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 090d119e75851cccdde93f2ceb0292d9
SHA1 f77b3d3c0348d3a6c3c6250f8204ef47a21995d2
SHA256 f11762a883a3f5f6839798f6b8f616bda61faa754f99f00c4cc3312144ce6ec1
SHA512 2757b5b008e5d38c86378c5c70d8b6dd9f37e541c280013f3b9c15105ed38fa3a0ce2d1968f64d1cfc6162edf9e153405e975b99e168ca4544f739f8ddc94bde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 428e99b76e4f68c84ec879b443aacf45
SHA1 62c88e7681adb10424c412194aca68ae63d0953c
SHA256 32b17a88625adb703f824abf3789c7e4887024605245abcf539830e091ca125a
SHA512 783b227f7f77af1e6efc0c403793409200399e2ad0bb73bd1b1df87f28182a6be9819e5c04d4d9b4e24314541dd4a7e0904de20802f843246fd8974cbf1b2077

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 032a5b5b12ca4a9793cb8230828c3469
SHA1 fb3af4748f118b0556738fc000933c4da9dea0e0
SHA256 f00c89460df407874c6f17afbeb782fa238abac1bf16722678a928e524963530
SHA512 b197e57f9065106e39e56657fd7799115b04701fe24de4441259f8239ee78c8ab74e35a4d5c9a1e9c922b5e6de7568ac57b8f270334362bfaace63acabc4e9a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 793238846ea45d7c28deb8c4039715c0
SHA1 d444f470152d752ba491d4ee4c75045c81535945
SHA256 f87c7b17bbebea81135f576edbf3bd3106c8ac2434a255f390c85b25126eef44
SHA512 5547fbde33fa3c3e86baba670dbdf5550043acf846c50a27327e9aa2d6a3d03efe9be91d987ea9407a19552afc945caafc766440cac5831e33d2bf85bb4c629a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eba78a6d3877302d6242687a6281d60a
SHA1 1baed9f9a72c2381a19bfc0d0324e79272896b06
SHA256 5ebbcb5cf209db691dfac625e3f09b9b5ca2d706b8b5019255cc4adcd71d316f
SHA512 57bb74ffd6b1f81da9057089ec7c7e5a0e09233c717b74a24b108c88f6db30b23857bdce95a569ff422dfce05b5b729dc264359cc3a35f7c3a53d63c83557e50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 724179b163055b95a314f9f24f88c152
SHA1 24c1d225920501584359d4ea318efe10d829ef28
SHA256 f75d4c4e2d4f08cfbf96bb2d2bf0d046664f348566a4ce115fc93ff486add655
SHA512 3bf06789577a2e9bd400cb95be02197a0938b39140b5bd4142386d3dffdf4eb786b52862bdf8c0e74353a21563731e975062524448d44ca073d50e48c45a2d7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e29b6aeb64553573c7ffc1399e261cb
SHA1 076da098720c7dad3b8215aa7b54ae63739a030c
SHA256 3785729d045f3ca7bdadb6c52bb2e70cf6358b21acb440e54e3ede281c76a884
SHA512 3d0fb6a8716f7046beb705a5d9a4f8956e7d6255659eeeca539f245234d4f1a81436d0a57ca8b480e352df46f27042e600732e36a614f196bedfec1335039dbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dd07af46faf514c0f2aaf4a53602ffd2
SHA1 9df5666652be6206b3234a9122e753428db57e4c
SHA256 606c2f35f99bab9d85755f5943a089b0e6f5aed6d20b32b0ebdc55bdd52a8b5f
SHA512 c43f57af2db73a5eec235aac34543378d6a275bb77564f757120d793dd0b062ad5c03d037cbc26d90b5a5a8b0cb1d14f83b47a972484199464461d39d39183a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 5eb6b04e47d1d7065978a1719eac89ad
SHA1 9153b09675cfe4e0eb51ba3130784dbbf083749c
SHA256 8e2a01efb938b4482ad1731e2c05916709f4b5a2aa3de07e9e16b3aad3f4f6c0
SHA512 18e79e43a2d41ce0b245f972c5d55f4a7023bb6f9a3e074b1e4deb5ed5b19c32d9050e708890d8846cbc6462acc2a1fc701f846c7f6d8be8b6b906dc601e83bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8372b488035328c822fa46b5d5538d61
SHA1 05b0176a08bc81dc08fbc2654b728f4ea08e4cdf
SHA256 3ae6d5e19b5d511532221620bdc40cc62078f7e2496d911767c1d4f47982cf9f
SHA512 16ca1b68a03b4cf20a03d6d9c4fb3850c5ce7b18ed6d5f6514dfeb6e2322d184f21e236cdd7a84033ea35612a2d26df4fc83a88ffa7ab7b517a13d09c3801051

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b12f0dacfe7f0273a645c266a739d82f
SHA1 b3744645cbfc42f88a34b82f59344bd5fc630c11
SHA256 feaef856d2a6429eb4b03bdcc813e7273fe44d6b6a9979b7a382836852d9fe26
SHA512 032a64b6925b83d5750676e787ac967e3c7fe016f6016bd48b6893305f52f5ded977397bf84140fb28bcfc23813a5e51a53dd1d3dd96ee487bee59d0cb96d451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f7110c1b131711048355d2a6526f75e5
SHA1 6cc2b096b6bb60db9df25715c84b473a95d92fe0
SHA256 da5512ce9a0ea310f55ef1afbaadd14e98c318d8ae0a689b273ff2819e1e46e7
SHA512 3036cb86eb0a5f2eacf2b7ca90818c672e651501fad77dc562ec127829b64c0c4801536de8012921112bc67caa0317a61d8fcc17341d83ee5d4b02aedff6d0ff

Analysis: behavioral5

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:34

Platform

android-x64-20240624-en

Max time kernel

129s

Max time network

156s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.8:443 ssl.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 88.221.135.3:80 r11.i.lencr.org tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
US 1.1.1.1:53 static.rbxcdn.com udp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 92.123.143.232:443 tr.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.3:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.180.14:443 clients1.google.com tcp
US 1.1.1.1:53 aws-eu-central-1a-lms.rbx.com udp
US 1.1.1.1:53 iad4-128-116-102-3.roblox.com udp
US 1.1.1.1:53 aws-us-east-1a-lms.rbx.com udp
US 1.1.1.1:53 aws-us-west-1a-lms.rbx.com udp
US 1.1.1.1:53 lax4-128-116-63-3.roblox.com udp
US 1.1.1.1:53 pulsar.roblox.com udp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
US 1.1.1.1:53 nrt1-128-116-120-3.roblox.com udp
US 1.1.1.1:53 roblox-poc.global.ssl.fastly.net udp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 1.1.1.1:53 lhr2-128-116-119-3.roblox.com udp
US 3.209.222.227:443 aws-us-east-1a-lms.rbx.com tcp
US 1.1.1.1:53 lax2-128-116-116-3.roblox.com udp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 54.241.62.188:443 aws-us-west-1a-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.193:443 tpc.googlesyndication.com tcp
GB 172.217.16.238:443 android.apis.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.200.10:443 tcp

Files

files/dom-0.html

MD5 f1953949bd626df2e46a3ecc6499b582
SHA1 116cb54c6430fa89194181572968819f4de02271
SHA256 fb0e0b65d96b4d3f54fe40f32123685ddb46c8e92b93b0c4ea793c7f81ca2b52
SHA512 b805a0ed994382b5453a19011295541bc2c4f377ae726f6faf1f0f3a10fa9e608f47527870859db2e2ac309d0e1b3bd5b4f2af6aa99dc0a042cca6bf9ff7f784

Analysis: behavioral7

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:34

Platform

android-33-x64-arm64-20240624-en

Max time kernel

141s

Max time network

153s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
US 162.159.61.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 172.217.16.234:443 gmscompliance-pa.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 88.221.135.9:80 r11.i.lencr.org tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 accounts.google.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 216.58.212.228:443 www.google.com tcp
GB 2.23.210.80:443 css.rbxcdn.com tcp
GB 2.23.210.80:443 tcp
GB 2.23.210.80:443 tcp
GB 2.23.210.80:443 tcp
GB 2.23.210.80:443 tcp
GB 2.23.210.80:443 tcp
GB 108.138.217.62:443 static.rbxcdn.com tcp
GB 108.138.217.62:443 tcp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 tcp
US 205.234.175.102:443 tcp
US 205.234.175.102:443 tcp
US 205.234.175.102:443 tcp
US 205.234.175.102:443 tcp
GB 18.244.155.10:443 udp
GB 2.23.210.80:443 css.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 92.123.143.232:443 tr.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 128.116.119.4:443 roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 216.137.44.8:443 tcp
GB 216.137.44.8:443 tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 142.250.180.2:443 tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
GB 18.175.6.237:443 aws-eu-west-2c-lms.rbx.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 128.116.121.3:443 tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
FR 128.116.122.3:443 gold.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
HK 16.162.200.89:443 aws-ap-east-1c-lms.rbx.com tcp
US 128.116.63.3:443 tcp
JP 128.116.120.3:443 tcp
US 128.116.121.3:443 tcp
SG 128.116.50.3:443 tcp
US 128.116.99.3:443 tcp
HK 16.162.200.89:443 tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
GB 142.250.187.193:443 ep2.adtrafficquality.google tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 142.250.187.228:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 172.217.16.234:443 remoteprovisioning.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
GB 216.58.213.3:443 udp
GB 216.58.212.228:443 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.58.212.228:443 udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp

Files

files/dom-0.html

MD5 188ab80df6adf832c381f5e584fe2da9
SHA1 e81898c6e39f950ce217577b8a228ecd75108104
SHA256 587c898b2c1d43fc974c2b67ee7dcefb6524f75dd097257c5035ba5e147a25ec
SHA512 9f0c69e871bb706bcc55fea54fbdff9cc7c0acd1c0bd3dc56b706ee8ad7c72282b2a3e66975f2493e859c074ef7bc792f94a33ec0ece70585a58c6c587cb154e

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:33

Platform

win10-20240404-en

Max time kernel

149s

Max time network

142s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "56" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 = 0400000001000000100000002fac04553147f46a49df9b4ebea6df43030000000100000014000000696db3af0dffc17e65c6a20d925c5a7bd24dec7e0f00000001000000200000002aae3fb7bf05e4c81c4194dca44511d4f9af304786ec1ae7218409cf62a083551900000001000000100000004917c0071bcbe9c7046c52368f011df95c0000000100000004000000000800001800000001000000100000002fe1f70bb05d7c92335bc5e05b984da6140000000100000014000000c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b920000000010000000a05000030820506308202eea0030201020211008a7d3e13d62f30ef2386bd29076b34f8300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3234303331333030303030305a170d3237303331323233353935395a3033310b300906035504061302555331163014060355040a130d4c6574277320456e6372797074310c300a0603550403130352313130820122300d06092a864886f70d01010105000382010f003082010a0282010100ba87bc5c1b0039cbca0acdd46710f9013ca54ea561cb26ca52fb1501b7b928f5281eed27b324183967090c08ece03ab03b770ebdf3e53954410c4eae41d69974de51dbef7bff58bda8b713f6de31d5f272c9726a0b8374959c4600641499f3b1d922d9cda892aa1c267a3ffeef58057b089581db710f8efbe33109bb09be504d5f8f91763d5a9d9e83f2e9c466b3e106664348188065a037189a9b843297b1b2bdc4f815009d2788fbe26317966c9b27674bc4db285e69c279f0495ce02450e1c4bca105ac7b406d00b4c2413fa758b82fc55c9ba5bb099ef1feebb08539fda80aef45c478eb652ac2cf5f3cdee35c4d1bf70b272baa0b4277534f796a1d87d90203010001a381f83081f5300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030206082b0601050507030130120603551d130101ff040830060101ff020100301d0603551d0e04160414c5cf46a4eaf4c3c07a6c95c42db05e922f26e3b9301f0603551d2304183016801479b459e67bb6e5e40173800888c81a58f6e99b6e303206082b0601050507010104263024302206082b060105050730028616687474703a2f2f78312e692e6c656e63722e6f72672f30130603551d20040c300a3008060667810c01020130270603551d1f0420301e301ca01aa0188616687474703a2f2f78312e632e6c656e63722e6f72672f300d06092a864886f70d01010b050003820201004ee2895d0a031c9038d0f51ff9715cf8c38fb237887a6fb0251fedbeb7d886068ee90984cd72bf81f3fccacf5348edbdf66942d4a5113e35c813b2921d055fea2ed4d8f849c3adf599969cef26d8e1b4240b48204dfcd354b4a9c621c8e1361bff77642917b9f04bef5deacd79d0bf90bfbe23b290da4aa9483174a9440be1e2f62d8371a4757bd294c10519461cb98ff3c47448252a0de5f5db43e2db939bb919b41f2fdf6a0e8f31d3630fbb29dcdd662c3fb01b6751f8413ce44db9acb8a49c6663f5ab85231dcc53b6ab71aedcc50171da36ee0a182a32fd09317c8ff673e79c9cb54a156a77825acfda8d45fe1f2a6405303e73c2c60cb9d63b634aab4603fe99c04640276063df503a0747d8154a9fea471f995a08620cb66c33084dd738ed482d2e0568ae805def4cdcd820415f68f1bb5acde30eb00c31879b43de4943e1c8043fd13c1b87453069a8a9720e79121c31d83e2357dda74fa0f01c81d1771f6fd6d2b9a8b3031681394b9f55aed26ae4b3bfeaa5d59f4ba3c9d63b72f34af654ab0cfc38f76080df6e35ca75a154e42fbc6e17c91aa537b5a29abaecf4c075464f77a8e8595691662d6ede2981d6a697055e6445be2cceea644244b0c34fadf0b4dc03ca999b098295820d638a66f91972f8d5b98910e289980935f9a21cbe92732374e99d1fd73b4a9a845810c2f3a7e235ec7e3b45ce3046526bc0c0 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "SR en-US Locale Handler" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "German Phone Converter" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "16000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = be30e6260afdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\AudioInput\\TokenEnums\\MMAudioIn\\" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2013.1022" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "432100642" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "40A;C0A" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1033" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "{15E16AEC-F2F0-4E52-B0DF-029D11E58E4B}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Discrete;Continuous" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 61d5b81d0afdda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 ^ 0008 1 0009 2 000a ~ 000b : 000c a 000d aw 000e ax 000f ay 0010 b 0011 d 0012 ch 0013 eh 0014 eu 0015 ey 0016 f 0017 g 0018 h 0019 ih 001a iy 001b jh 001c k 001d l 001e m 001f n 0020 ng 0021 oe 0022 oh 0023 ow 0024 oy 0025 p 0026 pf 0027 r 0028 s 0029 sh 002a t 002b ts 002c ue 002d uh 002e uw 002f uy 0030 v 0031 x 0032 y 0033 z 0034 zh 0035" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "DebugPlugin" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Near" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "HW" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Universal Phone Converter" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{F025BB83-F493-421D-B9E4-CD1FADFF94A5} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1084 wrote to memory of 3408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 92.123.143.123:80 r11.i.lencr.org tcp
GB 92.123.143.123:80 r11.i.lencr.org tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 173.222.211.43:80 r11.o.lencr.org tcp
US 8.8.8.8:53 css.rbxcdn.com udp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 173.222.211.18:443 static.rbxcdn.com tcp
GB 173.222.211.18:443 static.rbxcdn.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 123.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 40.33.115.104.in-addr.arpa udp
US 8.8.8.8:53 43.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 2.83.239.18.in-addr.arpa udp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 128.116.119.3:443 roblox.com tcp
NL 18.239.50.67:443 roblox-api.arkoselabs.com tcp
NL 18.239.50.67:443 roblox-api.arkoselabs.com tcp
GB 173.222.211.57:443 images.rbxcdn.com tcp
GB 173.222.211.27:443 tr.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
NL 18.239.83.2:443 css.rbxcdn.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 18.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 33.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 57.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 27.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 14.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 67.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 40.200.250.142.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 173.222.211.57:443 images.rbxcdn.com tcp
GB 173.222.211.57:443 images.rbxcdn.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 aws-us-west-2b-lms.rbx.com udp
US 8.8.8.8:53 syd1-128-116-51-3.roblox.com udp
US 8.8.8.8:53 aws-eu-west-2a-lms.rbx.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
GB 35.178.34.242:443 aws-eu-west-2a-lms.rbx.com tcp
GB 35.178.34.242:443 aws-eu-west-2a-lms.rbx.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 8.8.8.8:53 ord2-128-116-101-3.roblox.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
US 8.8.8.8:53 sin4-128-116-50-3.roblox.com udp
US 8.8.8.8:53 mia4-128-116-45-3.roblox.com udp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
NL 108.156.60.91:443 c0aws.rbxcdn.com tcp
NL 108.156.60.91:443 c0aws.rbxcdn.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
NL 18.239.62.218:80 ocsp.r2m03.amazontrust.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
SG 128.116.50.3:443 sin4-128-116-50-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
GB 172.217.169.34:443 ep1.adtrafficquality.google tcp
GB 172.217.169.34:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 242.34.178.35.in-addr.arpa udp
US 8.8.8.8:53 7.128.33.52.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 91.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 218.62.239.18.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.101.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.45.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.50.116.128.in-addr.arpa udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.142.34:443 www.bing.com tcp
GB 92.123.142.34:443 www.bing.com tcp
US 8.8.8.8:53 219.33.115.104.in-addr.arpa udp
US 8.8.8.8:53 34.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 2.173.189.20.in-addr.arpa udp

Files

memory/3032-16-0x00000289A2C20000-0x00000289A2C30000-memory.dmp

memory/3032-0-0x00000289A2B20000-0x00000289A2B30000-memory.dmp

memory/3032-35-0x00000289A00B0000-0x00000289A00B2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\60LGMEF2\api[1].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

memory/3408-345-0x000001A166B00000-0x000001A166C00000-memory.dmp

memory/3408-392-0x000001A167B00000-0x000001A167B02000-memory.dmp

memory/3408-390-0x000001A1679E0000-0x000001A1679E2000-memory.dmp

memory/3408-396-0x000001A167B40000-0x000001A167B42000-memory.dmp

memory/3408-402-0x000001A167E20000-0x000001A167E22000-memory.dmp

memory/3408-400-0x000001A167E00000-0x000001A167E02000-memory.dmp

memory/3408-404-0x000001A167EE0000-0x000001A167EE2000-memory.dmp

memory/3408-394-0x000001A167B20000-0x000001A167B22000-memory.dmp

memory/3408-398-0x000001A167DE0000-0x000001A167DE2000-memory.dmp

memory/3408-415-0x000001A1661C0000-0x000001A1661E0000-memory.dmp

memory/3408-414-0x000001A166540000-0x000001A166560000-memory.dmp

memory/3408-430-0x000001A166D30000-0x000001A166D32000-memory.dmp

memory/3408-485-0x000001A168520000-0x000001A168540000-memory.dmp

memory/3408-493-0x000001A1697E0000-0x000001A169800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml

MD5 b25e163f08558852f779d70a9f336ac0
SHA1 4c053bec4869e1237eac9d4e1c27f6d78bbcc473
SHA256 a3b64b2cff3a6b0084d2d617d3b9d90937a96a4f0c9b7ce49315d7c3a94ec893
SHA512 d5e6192cb02afbd99343fa88d94e2969145f8043f112cefd20355fd5eaa2f850c9ffca4c19ac1c4ed4bf8735b8403c1b6dbe6dd401433a026901de94618c3a20

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml

MD5 6a2bc5335dd197fb4ec44d29f345a326
SHA1 82db5eda6c4410747f61f41554299f7e0a852937
SHA256 f9217b797b51d38cbaf4771b2faf223535341232ea40db3b634cb45e37ed2d66
SHA512 8f198d84277edc0d18938eeb16c3ff7e811bdaedea63ad425899dd4388ee8b8d71f175a2a4762ac89d74667ad7b36502a520face4c63ae4436ffb6a8d05b51e4

memory/3408-616-0x000001A16A140000-0x000001A16A142000-memory.dmp

memory/3408-612-0x000001A16A130000-0x000001A16A132000-memory.dmp

memory/3408-609-0x000001A16A110000-0x000001A16A112000-memory.dmp

memory/3408-606-0x000001A16A0F0000-0x000001A16A0F2000-memory.dmp

memory/3408-602-0x000001A169720000-0x000001A169722000-memory.dmp

memory/3408-739-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-738-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-737-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-755-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-747-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-746-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-745-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-744-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-743-0x000001A163E60000-0x000001A163E70000-memory.dmp

memory/3408-742-0x000001A163E60000-0x000001A163E70000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml

MD5 c2e92b0008858d2e83a2992e40988ccb
SHA1 6e8c4dae15f7868325c3a97f0612e7ecbe1a982d
SHA256 cbc998769722febdb9bf0c16bb88bc03abc7297daf274203f9697978d328a728
SHA512 765ce37c60409d8e6718cf488ae1bf2cf56b0af80e4b1faefc0fbd462420038ffd81affb049dd935ff9edd376715988bd4290760cc50a8120e5a5b3dad479d16

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P6D064LF\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5TH9W7YA\funcaptcha_api[1].js

MD5 759ab24cf5846f06c5cdb324ee4887ea
SHA1 41969c5b737bc40bbb54817da755e3aa7d02f3c6
SHA256 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471
SHA512 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE19KYCM\www.roblox.com[1].xml

MD5 c59261739329a4c270c863c0f0ec0385
SHA1 f9db3233b4f5ada32aaf34c5ee5221d42a37c1f4
SHA256 f09db9e9e512fc5e7e71ec2ba3e282d7e49218bd0f40d23092b29f62e7932ca6
SHA512 bfba3efc9e11a71d6193c047c3e49048bfd72c61b86df3403313eb74b609d4d9d0077dcc47c776130a47ed67039a8a428c0667b5d74434a57b14eb38bbc3c932

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UNHHO5HP\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:33

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1000 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 3120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4516 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1000 wrote to memory of 4360 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c31d46f8,0x7ff8c31d4708,0x7ff8c31d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7689653001614579994,3758253957982427150,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.i.lencr.org udp
GB 92.123.143.123:80 r11.i.lencr.org tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 123.143.123.92.in-addr.arpa udp
NL 18.239.18.35:443 static.rbxcdn.com tcp
NL 18.239.18.35:443 static.rbxcdn.com tcp
NL 18.239.50.82:443 roblox-api.arkoselabs.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
US 8.8.8.8:53 33.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 35.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 82.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 69.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
NL 18.239.83.69:443 css.rbxcdn.com tcp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 128.116.119.4:443 roblox.com tcp
GB 173.222.211.27:443 tr.rbxcdn.com tcp
NL 18.239.94.14:443 images.rbxcdn.com tcp
NL 18.239.94.14:443 images.rbxcdn.com tcp
NL 18.239.94.14:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 27.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 14.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 aws-eu-west-2a-lms.rbx.com udp
US 8.8.8.8:53 c0cfly.rbxcdn.com udp
US 8.8.8.8:53 atl1-128-116-99-3.roblox.com udp
US 8.8.8.8:53 aws-ap-east-1c-lms.rbx.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 lga2-128-116-32-3.roblox.com udp
US 8.8.8.8:53 nrt1-128-116-120-3.roblox.com udp
US 8.8.8.8:53 aws-us-west-2b-lms.rbx.com udp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 8.8.8.8:53 sin2-128-116-97-3.roblox.com udp
GB 3.9.224.67:443 aws-eu-west-2a-lms.rbx.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
HK 43.199.50.252:443 aws-ap-east-1c-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
NL 108.156.60.42:443 c0aws.rbxcdn.com tcp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
HK 43.199.50.252:443 aws-ap-east-1c-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.224.9.3.in-addr.arpa udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.32.116.128.in-addr.arpa udp
US 8.8.8.8:53 42.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 3.99.116.128.in-addr.arpa udp
US 8.8.8.8:53 7.128.33.52.in-addr.arpa udp
US 8.8.8.8:53 252.50.199.43.in-addr.arpa udp
US 8.8.8.8:53 3.97.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.120.116.128.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 38f59a47b777f2fc52088e96ffb2baaf
SHA1 267224482588b41a96d813f6d9e9d924867062db
SHA256 13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA512 4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

\??\pipe\LOCAL\crashpad_1000_GJIXUGOHOUARUTLT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ab8ce148cb7d44f709fb1c460d03e1b0
SHA1 44d15744015155f3e74580c93317e12d2cc0f859
SHA256 014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512 f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 637ecebb208964f1bf3355df550e2e7c
SHA1 3dc8381a50bdc31d186600d0b97a54293afeb662
SHA256 00ec1beb1a2ce91c82207bc1d8d5db92c555c62029f9e44f7c3b833b5d1873d4
SHA512 feeb540f2e5d4fee285a08be70a7134be5cfdc5695809eab6d66945dcd4e72672d47bb2df703868ccb4b16204ac17c96df7010c6c1d6ac1e01f6e73bedc8044d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 edc5d67904b55271580c2031069403d5
SHA1 109b78882f4f293deac82abdb75b916470a8fb88
SHA256 9d61f10959edea8a804ef49de722c6915a323d162f4627ab93c0e31c3ddd9533
SHA512 87a64127a8d2290fe48e2cca6b0ce3ce7e932e019f4948a86cfec290ef414dbe7daf865400d28fa7df17280be1ff4383270e4274aac84bb6d074fd6a32f3bed3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9e42d62b-6038-476f-9256-0e012ebee30d.tmp

MD5 43bd166cdc13d306ff9c99841495baac
SHA1 d67c76dd50ad1e6b78ea81e8c484e3d0cb4567a9
SHA256 fa890068f5361129ee23210a6451d5dd93adb31f70562c2bf956f7d7c647a6d5
SHA512 67ca6fae38e134c2b8249840a813209d1b77896b6b2a9a337b8001b4162aeb17db5ec6491137e0f714e3c11b1b2b947127583907e33e6e60586c2e45a1952b4f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84462ce0534e17c7baab0daf27d27a07
SHA1 4a4fff6e4410459fbb5e11547fde51612489eaa0
SHA256 8a82cdda19fd15ca99550b64194e16a552396e3008338f3d5f1737b5e86f0ca5
SHA512 a8823ff3e8ee825bc395c482039311617603c5fe6c62173bcbfd3967b5c374e7face3ed0fcc2eab756196c4d244febb638e6670bd93af5b6d47ff37cb773ba15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1f4.TMP

MD5 8f9614659915640ccfba8ea02d852d39
SHA1 53c7e35801f5fb07146ba353024ce9b1967974bb
SHA256 ce82092fafcce915ff07e1f86a54304ecdc328f058931fc357f50e0545d3ae80
SHA512 eaccd29100c051c826f2831b1fed5b220b63b97e65a220679becb7c5dbf8dec608b725d4c9cc7d0a974af21e2e5728ca0943c4db68575ed2f7232298851c2c8d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ef0afacf3542116e7a803209064a32ad
SHA1 3a4efe6bb1b33f9a9148a5ed9358a88e88bb0516
SHA256 4a862141f571179caac1cf3fa1d2666c9823ba27384c1137f3bf29d44e72fda9
SHA512 37cdec0470ff8103cc83204ab4b22f6f1dadb761528c5146aea797f4267bd9d6fdaccb1588973dce39e4343196fd36a9719f5f3a074a10fd96c76eb9ed8526a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 18daf572ad4ca0a56f90fa4f0cd3e22a
SHA1 c018fc304bcd474bf2aed3ddc03bd1eb36d1d37f
SHA256 1923fbf5cdbc69264e7b1a4c2d4cc7fda2c3134b8ba1b10e7139f50582ee2e5d
SHA512 4d0f9a75fde18b37ae52a74a886a733ae477d89a6173795545042eebb664cbae085c7129d1acb69d10beaa9b6f19fac3628a3a529dc6cfa2020b942f32fb1909

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d8c8d02a15bbff6c7b12ecbf590ecaa4
SHA1 10de4bcdf48c8db0a706a793afb7cfd8887e0065
SHA256 aa9425a6fe26abef9cc8a8ed86962dc38a4c6f87e2be4d824c50b8df3067223b
SHA512 e564a9271d2f2cddead0e7b798ab1a103a0cbd88a7c24821b734c662dfb460b21027831bf1d3ff48c00b52d9623c6c04b66c0117c0479bfb4d18bb960c3cce65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c6c89988818665330e98c73937e892c9
SHA1 ab4be66122260679430365429c8505155ed8ad04
SHA256 a221b4f8d58dd409c0c332144074ed6b7cfa21d0adb0a70136a55673c1ed9c0b
SHA512 7a5fd5c3c211783fe97cf1a2d45555c87c7fe6510a565677464fc040b277ed68c85d8ae58eddb9a915c09d39415c0d02305df6e676ea28d89b8a45fe94337483

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a83dee8a-b418-417d-a647-59dbc5b25f01.tmp

MD5 d882c9ed8c645a92fad2d1ccc0e0b22e
SHA1 676c82ae6d3b40da6b1cbd9c382e614a7d9c86f0
SHA256 20f9c3223eb90bcd4df3d5bdd0569d7a9dab4098859a4f7417576fadbfd781a7
SHA512 00cce9d354663bec6d455f987743580a49570839e1bf22e68b8bf58e7d82b8062221433cf94e522cd0943c55b193c0e7b397ade4fa9cb358d608ded3660ce424

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:33

Platform

win11-20240802-en

Max time kernel

145s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4908 wrote to memory of 1680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 1680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 4628 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 1572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4908 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff93c7a3cb8,0x7ff93c7a3cc8,0x7ff93c7a3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,13641633443935442464,13959709576156924935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5096 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 92.123.143.123:80 r11.i.lencr.org tcp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
GB 173.222.211.33:443 js.rbxcdn.com tcp
NL 18.239.50.67:443 roblox-api.arkoselabs.com tcp
NL 18.239.18.72:443 static.rbxcdn.com tcp
NL 18.239.18.72:443 static.rbxcdn.com tcp
US 8.8.8.8:53 123.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 33.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 95.83.239.18.in-addr.arpa udp
US 8.8.8.8:53 67.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 72.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 113.39.65.18.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
NL 18.239.83.95:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
GB 216.137.44.24:443 images.rbxcdn.com tcp
GB 216.137.44.24:443 images.rbxcdn.com tcp
GB 216.137.44.24:443 images.rbxcdn.com tcp
GB 216.137.44.24:443 images.rbxcdn.com tcp
GB 173.222.211.32:443 tr.rbxcdn.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 172.217.169.34:443 ep1.adtrafficquality.google tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 151.101.129.194:443 roblox-poc.global.ssl.fastly.net tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
GB 173.222.211.41:443 c0ak.rbxcdn.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 158.85.192.52.in-addr.arpa udp
US 8.8.8.8:53 3.120.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
N/A 224.0.0.251:5353 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b0177afa818e013394b36a04cb111278
SHA1 dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256 ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512 d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

\??\pipe\LOCAL\crashpad_4908_TXSMVLAHVNKRFQDG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9af507866fb23dace6259791c377531f
SHA1 5a5914fc48341ac112bfcd71b946fc0b2619f933
SHA256 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512 c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 56cd8becfc0154ac96d5fffd1cd855d9
SHA1 ca51c5d6125213f17f9d30e2cd305e602e171ad2
SHA256 4ed476ce66d72736705b96bb375a11e55edaadd592d38e9c133b293f564bc7d7
SHA512 92fdc05f970966efce9e63f15968fc33c9d17ae8bac99497f41d47d0a1d6129e0f228222853aeae08956988291ad1597d76690102907545feb01f254bcece64f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 9bb73783eafd01effd730392174ed060
SHA1 27e7708d142740df901bd45ee9bc17ce0a47245a
SHA256 2466230540a07edfc3ca35ec4412feb382e0d459e790d4df62c5f7171d9d5bfd
SHA512 921abaf25c8acdb7a1cc21229b0f9fc4d5322fb2bddcef1c0642da6511060be194ff05db0806b3e2226e4e4227c6bf2306d9bd14bd4d326f410e4069a4af6cd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d0d4188094657cf9fbbb01dde871739c
SHA1 c70fa58daecd92e726a69f1bc70f6925a8683075
SHA256 7508b5f114dd7c7a6d340159c3c9b9b16e3cf0d4d64fba7922ee776573ba832a
SHA512 497f77bfd5589c3ab926adf7bbefebe778198981ea7600bf56176b238be34936f0d5e5b163f3f0f8f19d4f207deb62b37f89e2977c95bd05e7c60b68de786676

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 021344275358246ee8bca2ced04516d5
SHA1 cb7293877378ce75dd526605a44f273dcd3d0218
SHA256 8a0beaa2edf2f149245bed672eb5e48f1a43a90e0ca95c2338e13aa6d668b9b6
SHA512 d38f08ba6319001c574ff78fbe766e95c9c90c189102bd99784a5845756d8a858c1b5efcadd454b36d5f6da908fcedb9b21c07e2ee163b52b7a187443c1cd1d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fa9963232c29175d148cc6694869f07b
SHA1 e770504e67a78779bf08adac66de83a245d4607b
SHA256 26efc6af7ba2a9bf7483e479e7428ec6cde0df677598737668a1f28dfef798ee
SHA512 eef4d0a8f323d6e6bb0a233c8f2f2b570facec7a0b4c78381545d75a1b28c44b2cf92517a9453d180f3b82120ff97adff5823c97742718e3bb90368418e24277

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b102f3962b2edd89bc6aecac7c0f9fd0
SHA1 f1146e506c5b0a04930ccba25afdc1bcf0113121
SHA256 1f05a137ac9317248e2baefb1db8690f4259d849110b03f1eaedc2c7cf67fd39
SHA512 106abcaadcabb10367ea16aba5073c39402dc3c4ed62f05dcf9f66207b21ebcd1435ce42769beb9ba17d12afa7e62889c1bd4809a70d3fceefaa42b1f3ad46d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP

MD5 944c623a9cb6229e55d19e8006b0a439
SHA1 a1ffd8494ac62e026d1629fde0dad6d5c741dcf5
SHA256 df0b725666d63b84f23040264927ff08c64fd296fada15546f5d29df50d5f30d
SHA512 7912197c0c20e9323c5d75398d028114758de467ab65936269bba61e2ef683ba5833eef57a23fcd25b6e3c29422b3683ea16a458a6bea4056dc0a8b540b4c6c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae8dce97ffc55e26eabd9a88dbdac828
SHA1 73d86ac694189e9418200fccbb250774e5dacf1e
SHA256 b00052f2a332f94c318cad9c8406f9f5b3fda3067fde614cd3daa376af439751
SHA512 341952a0742aa583c65f590fab6dee77265adaeb00c3ecd32d8f7a53c6b1d080166cf7fee6fc4c5910f40add021f87bdeb09c0a0286895269310cfcdd54f0952

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66db3b2874038e74c7a20d0ac534136a
SHA1 1976c86b3a0c48edfb68d8a6cbdbdfffa84f96c4
SHA256 47735a7e913d5476989eb8af4596f7143289d84bf19e6ead7c15ffacb72d93f2
SHA512 216cca8a17f9069392b09f3e6ad1fa4172cd25ffd10e7a2b8d01091c106cac33d54e381bcfc957a5eabd7ce456dc72b984b5b809863297652c9cf31684f5944b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7be4957bab796ca44010010641ad8c5c
SHA1 e65552df948049efc1232a25e33f85138a0b17db
SHA256 5f05183b5a36bfa9f49ed7ca83c1821bbe2af1c8b9ebc1d7e36e5620d4dc7ebb
SHA512 09b49f57405815ecb74653ee84376ab623e58b069231535eb4b5fefb53f80130615a86adf0afd6408ac3ec97b30bd3cd2209405f7411f65ec3c5b4ee388cff38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 abf08f7b9cfaba86bc5df9dbb45a39e7
SHA1 16bfea8680d5730d44dea8a9ac8be6555494f0b2
SHA256 99d48f7ace2a539c7667ffd09cf70102040234045e68e80de57d5667beb0bbc5
SHA512 d31921581bd68b1ea20e68796e2ae60b2a7a108336abfa69c618516c800a8f2ab7beeb90fdce36b95b22daf49de03ff14e9e01044340ee68f012e348a6c79f12

Analysis: behavioral6

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:34

Platform

android-x64-arm64-20240624-en

Max time kernel

134s

Max time network

148s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.roblox.com.bi udp
BE 142.250.110.84:443 accounts.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 92.123.128.149:80 r11.i.lencr.org tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 css.rbxcdn.com udp
US 1.1.1.1:53 static.rbxcdn.com udp
US 1.1.1.1:53 js.rbxcdn.com udp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 88.221.134.25:443 static.rbxcdn.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
GB 104.86.110.83:443 js.rbxcdn.com tcp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
US 1.1.1.1:53 images.rbxcdn.com udp
GB 2.23.210.103:443 images.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 tr.rbxcdn.com udp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 128.116.119.4:443 roblox.com tcp
GB 92.123.140.8:443 tr.rbxcdn.com tcp
GB 2.23.210.103:443 images.rbxcdn.com tcp
GB 2.23.210.103:443 images.rbxcdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.200.14:443 clients1.google.com tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 aws-eu-central-1a-lms.rbx.com udp
US 1.1.1.1:53 ams2-128-116-21-3.roblox.com udp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
US 1.1.1.1:53 roblox-poc.global.ssl.fastly.net udp
US 1.1.1.1:53 lax2-128-116-116-3.roblox.com udp
US 1.1.1.1:53 lga2-128-116-32-3.roblox.com udp
NL 128.116.21.3:443 ams2-128-116-21-3.roblox.com tcp
US 1.1.1.1:53 aws-us-west-1c-lms.rbx.com udp
US 1.1.1.1:53 mia4-128-116-45-3.roblox.com udp
US 1.1.1.1:53 lax4-128-116-63-3.roblox.com udp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 13.57.45.211:443 aws-us-west-1c-lms.rbx.com tcp
US 1.1.1.1:53 c0.rbxcdn.com udp
US 1.1.1.1:53 ord2-128-116-101-3.roblox.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
GB 52.84.90.6:443 c0.rbxcdn.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.169.67:443 update.googleapis.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 redirector.gvt1.com udp
GB 142.250.178.14:443 redirector.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrnse.gvt1.com udp
GB 74.125.168.200:443 r3---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.200:443 r3---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r4---sn-aigzrn7z.gvt1.com udp
GB 173.194.135.105:443 r4---sn-aigzrn7z.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnsl.gvt1.com udp
GB 74.125.168.234:443 r5---sn-aigzrnsl.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.202:443 r5---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnss.gvt1.com udp
GB 74.125.175.10:443 r5---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnse.gvt1.com udp
GB 74.125.168.198:443 r1---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnss.gvt1.com udp
GB 74.125.175.6:443 r1---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r2---sn-aigzrn7d.gvt1.com udp
GB 173.194.138.199:443 r2---sn-aigzrn7d.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7e.gvt1.com udp
GB 173.194.5.42:443 r5---sn-aigzrn7e.gvt1.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.3:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp

Files

files/dom-0.html

MD5 8270ea307fbec732631735ec1970099f
SHA1 538c1a8f85cd0b0782eebe9a26bfbd867d5c1e51
SHA256 8f335fc92e629da2c2baf053c92211802feda0578b6233d04fce1e0719ceccd4
SHA512 b0a86b026696ec364d31b07819086681f6c54f736fb55eb0756e2821806b11efcb9401b82ff03709d6b46aff02f3925ef51e25ea1dddc49875135d1aa6548971

Analysis: behavioral8

Detonation Overview

Submitted

2024-09-02 07:31

Reported

2024-09-02 07:34

Platform

android-x86-arm-20240624-en

Max time kernel

129s

Max time network

138s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 r11.i.lencr.org udp
GB 88.221.135.3:80 r11.i.lencr.org tcp
US 1.1.1.1:53 css.rbxcdn.com udp
US 1.1.1.1:53 static.rbxcdn.com udp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
US 205.234.175.102:443 static.rbxcdn.com tcp
US 205.234.175.102:443 static.rbxcdn.com tcp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 128.116.119.4:443 roblox.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 2.19.117.6:443 js.rbxcdn.com tcp
GB 18.244.155.18:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 92.123.140.8:443 tr.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 172.217.16.232:443 ssl.google-analytics.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
GB 88.221.135.81:443 images.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.180.3:443 update.googleapis.com tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 aws-eu-central-1a-lms.rbx.com udp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
US 1.1.1.1:53 pulsar.roblox.com udp
US 1.1.1.1:53 ord2-128-116-101-3.roblox.com udp
US 1.1.1.1:53 lax2-128-116-116-3.roblox.com udp
US 1.1.1.1:53 iad4-128-116-102-3.roblox.com udp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
US 1.1.1.1:53 dfw2-128-116-95-3.roblox.com udp
US 1.1.1.1:53 gold.roblox.com udp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 1.1.1.1:53 lga2-128-116-32-3.roblox.com udp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 1.1.1.1:53 nrt1-128-116-120-3.roblox.com udp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
FR 128.116.122.3:443 gold.roblox.com tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.179.226:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.187.193:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.58.213.10:443 tcp

Files

files/dom-0.html

MD5 00b9be88d2e59a9bd072a742504e96ab
SHA1 f17b04c5be8b58186fd62763e2717c7efb4b2a9b
SHA256 58583289da022b03d9b63f4eb6b1b0c5bf043708b11ccba043d8c20c6177248c
SHA512 92de5b23b66da40f41273c24b1d1b1edd43c4baca2eff05ccf67a0b860ab19e7af86361f5c07596e259f2255263a9522dfbcbbed256f6d1a5e3d7d381a64ceeb