Malware Analysis Report

2024-10-19 11:16

Sample ID: 240902-jex2ksvgql
Target: https://www.roblox.com.bi/users/5445740091/profile
Tags: discovery
Score: 10/10

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.

Malicious Activity Summary

discovery

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Checks CPU information

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: MapViewOfSection

Checks memory information

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-09-02 07:35

Signatures

N/A

Analysis: behavioral5

Detonation Overview

Submitted: 2024-09-02 07:35
Reported: 2024-09-02 07:38
Platform: android-x64-20240624-en
Max time kernel: 128s
Max time network: 156s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 baf1ed964ac89ed87b838c3d6a645ae3
SHA1 819623c098f2ffc12dac764ce2df5268bff651e4
SHA256 c5b639bc9d09106c0a57b3786df914cae56cc4801a9c83945db2762338612c19
SHA512 2b73969ac1d5e50d95d6b2f0092da2267f93c216a55c94919813a4834da0a6d924d783445fdf61c5bcd3bcb32e57fdb164ad4e64ae7d69b908e373582279c264

Analysis: behavioral8

Detonation Overview

Submitted: 2024-09-02 07:35
Reported: 2024-09-02 07:38
Platform: android-x86-arm-20240624-en
Max time kernel: 141s
Max time network: 152s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.android.chrome

Network


Files

files/dom-0.html

MD5 4ad68ac98cbd1bdd6d330594042e7557
SHA1 32e71012bdf760a785e3afd1c02850b09f1a69f1
SHA256 0c8d0e2c172440eedf378d89aa84d7bf75d75e933a35b7f99a297f8d18eda15f
SHA512 d9bdb43ce3f31041da3d1cb3723665ec03040f1d89c62d330b99225a5a8410d8a9bb6c74144beb5a7d5cd976c4e37831fa4d6f35e325b8d53d23067281ea2469

Analysis: behavioral1

Detonation Overview

Submitted: 2024-09-02 07:35
Reported: 2024-09-02 07:38
Platform: win7-20240708-en
Max time kernel: 122s
Max time network: 147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

Signatures

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Target: N/A

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description: N/A
Indicator: N/A
Process: C:\Program Files\Internet Explorer\iexplore.exe
Target: N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2

Network


Files


MD5 e3c28ffa390f089cdbac62b930460ca7
SHA1 552b9aeeaed7462570ff7a384201706aef667514
SHA256 b17fec87bee9563dfa176d7861ad3b4ec6b5e72b30f7cc6a93719375b733f837
SHA512 38d57d8d63271a12e7558a0364ead5092147245065dcb92f34f7e701b65321ee6ac6c983c1a2099a7ffb76044c142aca25ae0160e876a8269d95b6664bc30aac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90db8056abdaccaa51a4f60ab86b8eb6
SHA1 10ce5f200449eda5cb14ff8d7e0e68d421fd20fa
SHA256 bb6ac8df2e62b58f8eae333f78b43ea0ffc564cca9b4b1943d53281488f93338
SHA512 61be4c156d64b5ef915096e08853c5412ef0d962a58bc9250edc5e265db69b8051a558db725bfdcc3eef629c9167bcab2d3c01f15fc467b912ad2d87e7037766

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eede54c3b21c435bd30548842a091445
SHA1 786d79fa41d65162c4a661f07b01f207cd6bc5be
SHA256 c793f61e16976fa98578654ef36c3cdfc88494d567e930b5765186f5b7a6a1aa
SHA512 2746f4735c5c181e434208bde196b5d1cf43699bd6495b4da495900c3862862d7310d7564262712bfd2f7522a49a7d41e264af0ed82df2f93a17a00ca5759165

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 b2db5cbc13a6e8c4a06879fe7bfe1696
SHA1 f5e4dec1b730b85d7a015864eae6c57e49423db4
SHA256 5ca8568a4c8e019ed05e5e616617577eece91eb40f60190bd39c7cfc406d5852
SHA512 a93cebf2f4532bfd866e6de5778af0abf898f982aaa674270a70f8bcdd7bf5c74ee4acd778c4f71774b3d056be64635ec27c748f6838f137f4f3f1001dfc65fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 340b4ee7047f2a2df9c280fbd51168df
SHA1 d5c78c04922e6be7bb8a85421de8ade61e9090b8
SHA256 47c79979fdeb7e0fc314a12c788dc9c396dbf67d5481ba0f15d6b43979ab8afc
SHA512 0f1e610621795a3c34b611a5c1d46d9357fcee7f5e1f1e53091da5c839303420b3a433a3217eba5c4951740397cddde26af2cba40a321a8c44fe499d794b0eb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a1e78d5c72f07a2a080b9c7f2778a62
SHA1 b4d0c71119d4ed2454f88826ba4d3a2e668b6dd3
SHA256 0bf0e60b1c248f34a8ebf00bffdf0329d892b593714685a71c06542a453fdc3d
SHA512 705424f93de3095246ae98cfaf4d7410a58c98cc232c7a5a8b2ba4dd7ece47e9f75949cbc278422b8e6275f3ab2328dbcef808733e38abf7c1c21da240eebaf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a32d871cf9dc192529a491b49f83cadd
SHA1 cb5c75cd8eac77d02689423355c0709ad22bf1c5
SHA256 b7274d00a24a8a26341a043916aff26cf59d21e7f75a99522ee9793490017a62
SHA512 d327fcbc2326b902370e82fd74e3fb954691449092d990e67f34aa49086a69fb7fa1ebe09f0cbdf19a5624d14350735582a1a67edcd14cae2380b882097b82a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db64add9e4170ec0f36d64747a33b3ff
SHA1 36f73c840840c921f2ec841cd13157021c30b11a
SHA256 0d0c64af7974d3f63db333b831051e90b0cb4e46e7d3da535b72c827b077206a
SHA512 236adc86a0613d20b4471d528876fbc3bf6d509f7cd15df1657b12d7974a757d0e179afd6acf91f2d17e62aae73f84afd7cd0c559983affe9ed98742f3598501

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f477d37422d62e204c363f8d99a3d2f
SHA1 f45d03987e91d80e33ea8ea069c1c13a3bc1f080
SHA256 58f0bc3f0a03bff84a3af4a38c02ca075f1370f31af0733ee1cb186331951aeb
SHA512 0ee1f79d8198123d0066c11dbb307d3ce4662ba1f49ea67752ebdff0279002b9e6619f849605929d8c20576391b6bb1515351cb000f7d9cf1b88a48ed176d0de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c938d54a02d208ad241130ccdaa62921
SHA1 d0dbb964f571674bed07a212a1e8ea5983722db5
SHA256 139819d4ad7db2fdccd1d3acc680688b382fc93a0a1c2c9a8b11b98c0dfb7f3f
SHA512 4aef15aaa25b5380ff86f7a5e51dd856137a9565598e057fb6b9435316cb56b049c74b58a1f77aae52c72258f1ca0df547e43165217bcb6026f7cefd48505df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c1b20792e8f8924a6a47c09824a277f
SHA1 64778dada381d6bafbc2917b14936a3924f4172f
SHA256 2303ef596f985ce45941e1c481f49a0a43a88c7d53056cb197104a668080f764
SHA512 9d63f9147192aec6f53823b84632cb0db6ad970f43ad6ae3230bfd93e248f228fd89cf5e6d6f54f0f491f2391762c9119dce15140b80c13d428f60b041314aa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d61c325abf791f0e1d58327a2208c9df
SHA1 8bf6abb92986732fa4f329ec141e3c69703690ca
SHA256 6e9b87c4c3f654fd2f713e028c9deff7e0eda02db130978604e9cc82d3e190e0
SHA512 e0be90b379f0fc96324b8f0168a34c9ca00a5bbf5e72dc91a058bc46d0bdef849384a23c677c4a11c25560f496c328b70b2fd405783b8b48024c9d152e10d5ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29017818896d2739ff6036a0d49c2c13
SHA1 b9736b23eeeff7e8268f4d2ac646db5a32e1d32c
SHA256 9e14934f89fc3302d57df4eac2b1c0996a86d5811d41bb9980e9c1110aa8ca41
SHA512 32d7f9837efdde94e8a0e48b2fe2af6ad2e8c55af44f36ae71a8e9a2c53abd44fdd71e517c7005242201cbc60c73f622419e2c1d90fc24f7b030ebd0a85ebcbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72dbea6ab985f82c1f8926d71f094bed
SHA1 f4bd60b5abd9ec334bf192380dc860d19a217840
SHA256 16f39c0ba268855a498aee663ac177b12bca6a782e303793bde104a686d9bd42
SHA512 e728b8db1389cc6e04eb5dbb44dd2e537feb01c6c65d73c7623008844eb2a07f627bd4e72fc5c0bdc8782903e704efa7cdda291839b6354c4605fda1e5fad58f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17461f17e09d247227352b44205d9010
SHA1 c98ea74ae6d9e515bbc552904ff84bb622baa6ba
SHA256 990487a01ae38ef0ef527336e4afb24af7017b065f0700084330ad4268cd641d
SHA512 717cb7c0ced30f7c39feba010483beec16b1a40d7040a1ae7ce0f11570abff2791730cc7ce9ecf85615303e9c46f891ece2af30a987777b1d093718a7dfa0270

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dc9d5147be9d8b62dee1059a12cfc32
SHA1 1bae2cb2ce60233982ec5557ee4ce61eaa51ca53
SHA256 4483f53281ad7a6f3aa9ac366ebced66cfb33bf71960571b831f1f398db2a8fb
SHA512 c7981429797f76e6f352a0452eb82e16f2938f7ce66648cc795f51d8960ac9775ca51c8d4efb06b67ca0c2845ac5c91b93fd5431361da97f76cb759a25fd8b20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a47ee061e377b5b71a055d913cdf3ea
SHA1 df97d01d1d2356cf19cb1c090f75823c1b232de9
SHA256 9fc62bbc58fa281f9667d942035c04af9bb3af0b07eea00a7c6b09c562be23cb
SHA512 3bfcd981ee25ed18c2851f91761720a503c0f26118f340fc7dabf43d54546a51c9700c54664ba41e012167844c6453f04b27e09bfa55b61cae2ff4b8db01c393

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2950f6aea3a671c13fc440faf4733481
SHA1 e45954e98b07885eabd4583df88405fd4ffcb477
SHA256 18b109752f7167f19cac40c6d78586b2aae5826a31c69f7a8f48eb3aab90844c
SHA512 23d27359c2777625898c3517e1c4c5ddff9a730fc49eaa1383f50c6026881937c2d4fe803c49b84a760a2db622d9a28158afc638617611e681abec6fb56cf83c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50d9287abc0bebc7e6a93f92ebb88a22
SHA1 058817854f201fedacb4b2456f7fbb9583fcfcb6
SHA256 459049e78624827f3956a85c5fb08b7773e9af47427fba86c76fda3655ab9b90
SHA512 3c0fb6fc0c30a2e3f47a39aa349930d18240953ab370885737656f30ac15d90d234b3ee4cb405440e7384aa1c9b1546500abc8b852edb9f5d7bb4ada0c8567eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 5136c0da506ea611c3629be2b948ac1d
SHA1 cb7d7e39ff124b8196c24c4ec74220eb22ade0dc
SHA256 8e14d92b2be793376ab22ed36cf243e33cde142d3eb05cd3acc1e7c787a021ed
SHA512 09cacf7c9f89e3f705135c1ba7ff964a28875cd2b70506d0220924bb4e301ab50af9a40aa609c1c917fb036c8cfc861ebb7cfcbeade57f44d5c0c89f0666c86e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 b0da405c68688a18b152e0bb648d85a7
SHA1 c09fd14c4506823b42db1bbac68eddf5c9d744ac
SHA256 5081d90f642996683d443f73bd659a6bfb08726cffdb7cfe1d44df65e81e2555
SHA512 2238b24d1812feba364e99cde6b39bbe58fa18da76d87ef923e659f68d6838b3126b77b45aa9b9b0c833f900887bd5483a0bb8699dcc3a6217dc4eb8fbfbf0fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 d4576f98cba18c5f042964afe0e061d6
SHA1 6890358761a4f90e9519cbc06cd8f999d80a465d
SHA256 4446d72198a14edfba41616ace6878e1a24aea2beff2e8ed8e71c3e092efa677
SHA512 afd5518f79955ac4bba302606e4baf37291f4242414936407f11b5b00090d8f828b88f326aac7eedc34c224f74f853f7b7d259de2a75a4a096562c9c1ddb4bd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 e17fb5d98be6e7fed12acb95bf7da534
SHA1 b4d96dea106908aa01d59f1b322df35a0428e798
SHA256 42fe255d8462ee9208e69de9d020739d42fed9542440649eea3eec9ade784525
SHA512 01760c3f8306d5ff3ea7ed4acceb20b60156dfa68e71a9f4ac7dc26da47b467cc0d513ddf486379ae5521cef058e906960b67041713c32dab00d8299761e1f5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 862058340c2596a6c003b5d2ef63aada
SHA1 6c18a4874f1863f184df198c673af17f4ca4b926
SHA256 c7ba25555d7b8a117a0cf9453240a5a78d4b85b0cd3e88c720f6d4db3078005d
SHA512 075233f0e5835f7b4c780b8e95f381c69270be24108eb949c72455e89cf20df2e144e57d76a4c0e61c6b0c60b513640438e1408e32bab147d3ccc9949a56d601

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 6bf4301abe04c484a31df4bdab7785da
SHA1 5dd6123ffe3bc4b9727f28600d05b2876bf421bd
SHA256 9ef2f16fd4933e6c0ac051869a3ad2910edd0ca6d90291ae82ef9cb38a631f56
SHA512 21d974f9552a877d6589516d06e6ca62b376232fb9bac63063a7d8b898ba15c7fd4af39c98c7c0eaf1310486340755b828872f87c7f0460eb1cdf0983ec2da9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 53d960063761d7bd2cbd194171f87efc
SHA1 9489b5a62bb6db70baf986601b959418b11af3fd
SHA256 e676f1064e44d6e4ef91c81c0198cad7b9354f4affa4046799d1bcc982b96be1
SHA512 6a2e783d2990c9fde91e0e68bfb70344ba33c330cc1acd9c5b1b9abb1052a350cd344f28ef9c22c86783ab9fd2a3b0322104e69917029d492b5c9fe1bf68e4bc

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\api[1].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 67ddeb671c9b21b719cd01c0b7b00afe
SHA1 6be2c10e9a3b8a6dd48cee782b911a767ca387fd
SHA256 16d2c66f0a8b622f4f0bb0835f14fb9693d7ad428b22696c83b40487f98f07a7
SHA512 c4b8dc56833490935d23ec680d9624ee10630ea89610c0b533a278a59bf9fa6aee8f8bc2ff2dacae9ede2b4623aef741edefeb2828788b810471d72b100233b3

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 c5a668f79b2728f08fc17761c00cd1c2
SHA1 9c40db812507328f28ea5b554a696b08f2953ee1
SHA256 449ef60ef451a0bb81d278fdb8f82a77d0b02ad5957fc2ab508050025f54b7e2
SHA512 657d0588fa6f84086a0e1642e53ddef8078ec47562992c464f66ea1a65d0da3f81548d11a87afb0a8702b74dfff8f83e6a08b96cce618bc4f2359df2145ea1c2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\js[3].js

MD5 5dbe81ccf52e9a6441e3c5615ffdde49
SHA1 874976380f6bd66ed1ecb5fad1d35121bc447988
SHA256 671b54787bc2e4a6c139aeaba206459537b23aef0fdf05d189c6bd4c58d5c1bb
SHA512 6661ec7d51031809a27767278ad6e32752aa18973fbad76ec19055c8000cbcbebb8f1bce4689ac686bf5856c910ed2762ac7c23a1a5f2b2fd0a7781220a5ecd2

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 59ae617e757c2b1523cdfc2fa93b024d
SHA1 48442095a980696e9cabc7b4ed2e8d127214ee1d
SHA256 10727af558885e1a8191f403536ef630209434d8c283759ab731675643a3d3d4
SHA512 c3984cc66f58bdd34e3839bb3163c6980a7d406d787f58db1f50cce87146d0eb629e0c57408975467810850c72c48328c2dadcbf633f2d54528c630c94f4d823

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 748972da62fbfed557a0c92d289b4393
SHA1 79178b4cac4ea2067ec763e86d0a077b6e9d3d0a
SHA256 81899b77c3f6a70dbeb508474e01ac5cb865cf6044586e41328adc4bd3979859
SHA512 1706200473244c7f2e307928a397dee79af9820339c8d52df6a10712004a28c72210a544227578a7f2ff6fcec82432c63bf6adbb37ea72a3e67e1ed4f37d9675

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 e108b81fdeafe23cd32e95f1b3b62911
SHA1 7c73d362dbf0c787153f926d0669b292cdd9040b
SHA256 02173e63edea07f3187d717f448c1dc0e70d13a3410c3ab308b368fca8d729bb
SHA512 04932275e9b114da9ea2241d3bf3f60cafc9670a7a1bebffd0a4222d5c41d61d7ed48e2382ad96dfb4597c0536e5b310de7224fba12c599fb0bfa351a0aea80f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 d156effb539a2d13dc9269c229999122
SHA1 f3df32267290c288ed8532a847866181220d32c3
SHA256 a5fa88b8f35084641a260c2eaade4c29596f548b305f8c75b9aab15f13fe8b74
SHA512 c128d2d60ebdf8009d43b182895aa2b82c3996d71e2b53740ee29a9207244d2d6fe0494d4937cf7d16d8e6fa9e6adea5118572e8820381ff875464a9ad79c315

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 2aa7ed0d45d50afde6ee33eed5bc3625
SHA1 7f8b54f02e3039db4ced858446e139ae36a0ac43
SHA256 9110f40f0ddf03f62b4f71f4b706b529ca1dee41b181a6ebee5a4d112bbca962
SHA512 9f33fc8db31788ededc7a006187fac61f300fda8a6e5e56c2db8a62077429d2d4275d002b79679216ac3fe46df25b8bcefdc3015967c41fd89e11d370ab4b609

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n4uupnw\imagestore.dat

MD5 12cce9157e466b87b10bcd1119ff3b11
SHA1 439fd737e78615b0d2c154ec87656231768f86a9
SHA256 b3caf787291b0d106ca1ae9b1e992d417e31536166edd507eae1fb3120800dc3
SHA512 cfa8e9795f64ca8ab2c6500fabe97786d27587a5e4a48e7405b00c6c6cd2c79f0aa02fa9109ce785c304cdd661a574358532e15514af358d1e1738b462402343

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BE4E09Q9\www.roblox.com[1].xml

MD5 dfb49b9c41faae9b6131b32a3c26c541
SHA1 6b8915916a80c0202fd1c3579b6839202e6dc8d1
SHA256 d741550bc93156927c48fe3dcb33ed37b26e8225156fd19529f0284fb201e96d
SHA512 580913602c54101177fc2a11b37db920679489f11f574485852730e223d08b678e30151865c29890048ee3d7eceb2bb23d601e2c27517fb448ddd1646dcfb541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 689dba8a4d0808ea22ae31d61337b773
SHA1 db04d0ecb03f2ecc9da1ab56532ee1202ebf311d
SHA256 6adffa1777a89c148803c26f26e86f1133a52585a78e99c0ea5a377610a9bbca
SHA512 24cbdedd86c1a31b56f691fb8387cae0916ac98aed8a87d7b01bf8d31fed56a9861dfdd9b27360ed10e9476161d7ba3a5d5fcf432ef1fbb0895b83c8acdd6c3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3b4b142863f36dd9953438dc0e211ae
SHA1 62fee4d5b76ad8f93838ee539dcfb030b2bc6dda
SHA256 2793eff8b285630a0daf123b7608a0b8615f25949d7eace0998c2c23aeec7789
SHA512 8992a1ba49f7d709f1b289675bdfe9df28be2ca607ac4b8d4e333f4ae44af656b4a3fbe3b8667f298204fcdf591d0b5db8cfe829fa0fc28f1ec0c70b1821f536

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d99bc99ef4c50278fc81e6ec1546bcc
SHA1 e7b3cf132e17a3ae999f9508094cc67cc4ea21a7
SHA256 3eb0a032eddb76a8080094d95baf4921d9c28e8cd45f0267ce076bf4f7ca7c67
SHA512 6a92061d04c8f646de19443a9873174d137a1ef7b099a62b584ca5b09d86f64e55de5ed44e19f33c4f04689def8c5b367cbcfc7999bb36950b0514810350b503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fad703bc849af2f672d07f62fabb8c8
SHA1 aa5ecf49286e9b0fd3e706c72d4eac1e2423d13a
SHA256 6a996a129bd4c355607568ee4df8e00ff656e7ab0296339c47fb188b03a6ea79
SHA512 9b05ce61c9d3733e997d708dc2b4ba757543df1ab1eee8d728e233d5e67d7d9ecd1317f447f1bc14fed6d36936a284bc204151808a3bc20fbb354c9cdc2c1204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f95e0e1c99d3cdfe2d1fb9d377e39186
SHA1 7d7cb0b7786d09ac3075002e2977f7351c8e03d3
SHA256 44e14847b5afd28ebb02b4a15db8f061db5797e3c71426a7d806954933c04b5f
SHA512 414e5ecbc6a7a946edfe785353b7afe50e3370638bdbae32b35d2915e1e5b6d2feba9016eb06dda175ae52e3a771568631072cbc7ddb9a097898183c8156f97f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2c07019ac828ed8b0279d2a59a1c070
SHA1 07de37c2928295048c485535b56956823c04d9f9
SHA256 c1fdce9f6c00176baf6b1fca97c78a9b5787af2ae24a2a3d8e4022590d1496e6
SHA512 99b1a335430379d9c8b6d2a38146622a93bee99accea259f51761c869a4697273eaf4af158024c4c2c974bd4964abc26b8f290380822b09db39d0043cf97f4a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37066facebff8c3a4720063fefcf7f25
SHA1 8e20a68d8e8f626faa10c33ab163eb4fe9b7811e
SHA256 3c541b105cffd520d897d31e2d683051f964cadceeaa5222f39a32c68945505e
SHA512 8a001f7c77f08ec77f99694c47a55f2a6aba68262d379b3bdc8384c371f0d16d10a2bb95d7e585c6c6b0edc32c31c963bbb0d7ee6bd4eae474c664974254a48b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2158366d7ffe789f23bf10ec00ec258
SHA1 405d1ed8d085f648fdd33a20016d2dce77ac3cf1
SHA256 08386b732f8b6b5881d4216087ccd021918e111cff3ebd062c2e9090a80d6e7b
SHA512 96a561c98af8d61d47729c2c0d8c4a1e0635ce304a32bad153af7587bbc68433ccec2f5d80496f5dbedd5fe34a0db2d1be9f65c22f3253df2e326f5367aef097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7bc160d94e782343c254bbcd01df024
SHA1 977cee72900869ba35029e833664d1a98c26e09b
SHA256 9d7b3126c7c8b297182d5638b68e437517075e4d4eadbdd8adf102e06db7b9f2
SHA512 7ea0f515409196497b9c798aaee9d9370c919b0843575e5e27576f3a7db5b500bc44d10f6f26a2c893a2f8b4ab8a4adc04fdd0ceabf430e14812daf28b61c4af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d8f362998e77c1a1835a6ceb38d78bc
SHA1 1ae359871dc04df5dab5b4eb63ac050934fc78a6
SHA256 7fa3f2a2f3a118a28a5e31fe4ed900f5893702b981b886559b9869519f2537e1
SHA512 440a36ee6288e42bf19b53368c867825400c8c7916bcb70e13995b2574abf47d5892d5d2b4ddd2c01fcb311efdc8161f577c03344286907bcc8d5b7c38dfceef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 13f9c54c138335fbc6556e2eeba797a5
SHA1 0d3495d77eed8492213394e4d9ac8882bcd236c4
SHA256 d3713e60b2c52832cd343286289298460ef8d112b7dc8139b386ce7d68c47b53
SHA512 abb1160447e57011691f4aca25a01b1da771ce0e745ca72edb90dfb0baf02191447f6ec6887f17ed53d14b0d18c9cfdd7ca3415adcfc97aadc84ebeb200098cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7514f295f012eeaee868c5b24f5ca3da
SHA1 ccd3e778d084b3cfc1c2c7a1695606768ca00ac1
SHA256 2371a4c3ad85ae99df74f26dd5a1455c3635cbdf46169b49c54ab27a055b9523
SHA512 26647a149587599616045ff0020cf6398f849e9c9930346a1ee4593f33bb4db2d648e56085eefa0599a0417125d24bea0034b73e86b30fe49d50f8c65010819d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee3234bf9cb2d8d58c316db59ac9cd83
SHA1 4569bfebaa5445fb9398d3cfd274d134da354c43
SHA256 10c8060f60053bc783cb5b1ba917c57e15922aabfcede8b6e80578eec31f128d
SHA512 6e5d1a95e2f15c29162b6e7cfefae4b43ad034e7a707e0889203f8789029a40d9aa19bd55c90f6bee27232117f84650e5e10a70868dc590ce8b308d9e244c398

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db56b2fce7dd983c6b61d507e1106b64
SHA1 f43f29cf9deabd7e85177a4ad4ecf0cda5d7cd7c
SHA256 521da3bd7d7e601031549926c8e14731cf5797fd40c42e11cbaa42c7aaeedbdb
SHA512 eba010b91e8e6a55247c71fd9b3b57873940a09a55ea899da6edc896509f4ec83e6cb9d158b37b90042703cd663860f478fbfb9d366532192cb3576a412b058b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e952c4767128fa3b1f8d70d926bca279
SHA1 ba391a2fa2fbd6b374f5e613f846d50470cd374f
SHA256 d97333827e4fa81f73027e243701bc5f305d709eb19109475938c61a043f7a36
SHA512 86546d3865c19f3442af4ec55493abf5f68a3394464098b5d64528293d8543a931d7540ebcbe63ecba3641d49b212151ae5c81ddba2cac8b1c604a613460757a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de8b13628fbdbdc63307d034b24b8db6
SHA1 07107e32a2fd9320a30db7802f6123d9d7f9d37e
SHA256 c5c57bc0a29e059bcd76b88fcd3c930d2faee3bf9902ec83627619f86d23b31a
SHA512 9fb168108ad767c2aae4d1290b8f540a83474e02985b932f022792c799d2cd2faf9804eee01604f82b9036634794eedea796b7bf6acb701ca00c9689cc2f74f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c695d43235f7fef045c0dedce65b17b
SHA1 222a78fac27b2838c4125a53c83e032aeb6319a7
SHA256 84f3d89f79f06e2bc00411079367f17bd34c101ff71e035aefecfbe22db756c0
SHA512 4c72b122d212ecb573f25a1079959fedc4f8db0637ba191b417bd5bfb9ab6013f57be7813979ee08e51207e363177723a4cee554c91a858f57fd90cb800f850c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2a4b75a89198c2e8cce8dc2189944c16
SHA1 29d10058f942aa6e5406059ce4f9a9015a99f15e
SHA256 8704a997c4317926ebaf295e499ada612dca3476776fc5f10f11391ea8a8181e
SHA512 e55e2572215c2519dc9a2ecdca1d94e23338911e00581f4662c7ba6211c8992efc8931b84f95960e17001e5eed29f0e2d00ae08788598fa3244cccc89834ccc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa5ab081d2c547b6067eeafb43431660
SHA1 dc744911c1e48725c0a2dda5469e520b0b8509d4
SHA256 ac4b44fcd322bcbcff1ba528bff98bb4839409114b39e59ee7191c69d4ba3bdc
SHA512 f173dd23dca5c0a8fd9abce244aac6a4ca87bbb4e32ea6e4a5b5bc09f25d864bb2e550f1f350339090577e336049dc23fbe0cf30afbc0831aec284435cc5019a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0317f6056cfa0a5fc47533e59fe5f6a
SHA1 a5110c0ea79d41d565e0f3f018d91aa7cc5f0551
SHA256 bc61d76153290bd521d5028454e61e723f9e4bb34672a989d4b7fe2896b0bf79
SHA512 1a24e3fb9ce444a7cc8d418334a1397e858595f1b33263bb61a7382ab03a198348284323f693baebd5486fb939d7e9cd068e295c6889043be277ed8e39cd0f52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4d4fecbf3c5e819ab8c6b34b30b0a41
SHA1 3d170e44909875838546ed2dfd37525078682eef
SHA256 ad022c0272f37bd99c7c4d25203e063f077a9d6e0bf658692d133efeb5d6fc55
SHA512 c6df2968a742dccb75b31f3d0acb3761a92976eb5c12e61e87ffcd36667ad20765a99fdf209ff4263cc012f321e213b7c4718705ec76a940c238163be0e0616d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\ga[1].js

MD5 e9372f0ebbcf71f851e3d321ef2a8e5a
SHA1 2c7d19d1af7d97085c977d1b69dcb8b84483d87c
SHA256 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
SHA512 c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\15817fe8ed125932081b163388897a93e3792747318cd107adc2d569e8bf7c7e[1].css

MD5 5da20bb16e7e2cc25ec78c1cf9fc2d94
SHA1 ed40c12802de918d956fdc6461430338bd3265b2
SHA256 99f88b5837119f32ed7e589bc241c91b58a42281cc72390979c376f6e7514345
SHA512 893331e206092f9830a5284e3c9aaec581c0e146857bd7539b50bde67b3ae40a92f71d78a998b6a07e0fb7112337df740ec245c840cc4adec3d4959ed11ac6f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\b8f8f15a57a66e73469ae72eea7d8905346afa78b9f2397627cd099f7dcc779a[1].css

MD5 4822b35d6907be7deb782a70cd7d8ac2
SHA1 1ae9d83eb6fd731044d638013370ab016519b7b5
SHA256 55fadb9d729a01259ece92f76daf5defd5b86755fcf3f1928fc5f2eef61fa0f6
SHA512 171f93bb091c0fca9efe8a7d5818d0b13efadf728242fbea9fa7497f959f433b8c63b4e5961a3ba80e8f3ee3c450e7061aba4489ae480df595b0a07599d895e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\da45920fef8b22d35ee6cce0702d290241252fbfd99695e2abc0934d20de0974[1].css

MD5 b99c303f3ba644a8a6c5e5b69a96809f
SHA1 de8bbd869cced07d0189e48f990d2b04a380eac2
SHA256 0569e3633081ec425333bdc8c58d6a06254ffd1e30a79afa7a0eea47c2d0c78f
SHA512 1bff99be3a413eb3376a913a7916be873d15516cc3358cb7f8dbead3574933e538cc00b8021316e1626a52cfe41a9d6a2760f1a9dae9d598a4e87fb38a8cbfc0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\2c2a709240897ce382b7ff55be4347cd0994ab1e2d6ed3b56649e54b0e97e13a[1].css

MD5 e8f199f0cef481db4a12c2e1a3ef3fe3
SHA1 fa8533d7f01329a48afd6ed03b5eaf5558812a69
SHA256 de4d5f622b0d168175e83197607d670c2ce8e1f4f2653009a97bd55d6bc3b11a
SHA512 c165b6c00be0d358502d54ed5adc69826eb01ed751a0702dc62e7c207247d69a06c119f188ff55c58a68a44ac9a1505ee5711ca545b1fdd096aa04ceb8d36d84

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\6edb2191aa318f963253361b43d2657a04b3d16e9c28fe7b22d4a4d5686f1cb4[1].css

MD5 1fa2b76195265ddbe69d3fd5ed9a53b3
SHA1 4d2aceed14d021ce962a5ccad5a8fe0bd2d6a29b
SHA256 e2cda1d6e9df7af6208ebaae014fce5b4e3de28b07dfafc63e8afd20269ba592
SHA512 6c11b8f2949f1d642ce58bbae034cd7a22cd731e0111019769e2b1079d95e30923f99fde364d0022ed1c5ea6434ccc1b2eaaca4412d4e0721c85a73b8c0d904a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\08def520152a575438e73a81aa9a310c2415c327df7b624a24aa6e794d24dba3[1].css

MD5 23e12161d0fe06e8be36968b15bd225b
SHA1 3ac9909b4f8227a29981a008cd2809216ca04fe7
SHA256 7f20f213d19cf5d49883b2ac02c45b3738a0696e9f72a395710ef4b93e395ded
SHA512 661d0308e5c57ce02d8e46a8cca12b1dec9c81e0769c9265eb4c530b293a996f0862b4a28df36bc952569b3a14cd90ac1d154064fa2ec48b7d5d2f9f178964ed

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\d584565dd1339ac8a09691938aa4cff54511f32a9bba1b9f013d6e32195b4f5a[1].css

MD5 b81cb3cec48c6010d0bb096b5e635ff3
SHA1 9225d106767415b2f8842801f432ef4fba7e66a4
SHA256 38cc1c155acca368b88abcc00badc1947129ab7022d3d3dbb07cf147ca5ae6bc
SHA512 6dcdcbc5f336224e71fc413a50b657e2408da9c786ccc8c622443d0c8dfe8a0350781b731ff2db47e517dde1ddff9b4f7e1edbe91157ddac44d22c5f9483b548

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\3c4bd9b17b9020d9ebc87d4542a68a949a9de6150a55a92f0e65514520ee777e[1].css

MD5 3306ce36a2916143de21338749091100
SHA1 e18d27d598c5b05097fdde260939e55039dbc480

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-02 07:35

Reported

2024-09-02 07:38

Platform

win10-20240611-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4484 wrote to memory of 68 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto

Files

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-02 07:35

Reported

2024-09-02 07:38

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4600 wrote to memory of 2140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 728 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 2312 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4600 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4600_MQZZWXSAZBEUCNSA

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-02 07:35

Reported

2024-09-02 07:38

Platform

win11-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2448 wrote to memory of 1512 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2448 wrote to memory of 3168 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2448 wrote to memory of 2440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2448 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5172 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


\??\pipe\LOCAL\crashpad_2448_UXRLPMDHXKFSYZLH


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c69c.TMP


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity


Analysis: behavioral6

Detonation Overview

Submitted

2024-09-02 07:35

Reported

2024-09-02 07:38

Platform

android-x64-arm64-20240624-en

Max time kernel

134s

Max time network

148s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto

Files

files/dom-0.html


Analysis: behavioral7

Detonation Overview

Submitted

2024-09-02 07:35

Reported

2024-09-02 07:38

Platform

android-33-x64-arm64-20240624-en

Max time kernel

142s

Max time network

155s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto

Files

files/dom-0.html
