Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.
Malicious Activity Summary
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Checks CPU information
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: MapViewOfSection
Checks memory information
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2024-09-02 07:35
Signatures
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
android-x64-20240624-en
Max time kernel
128s
Max time network
156s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | baf1ed964ac89ed87b838c3d6a645ae3 |
| SHA1 | 819623c098f2ffc12dac764ce2df5268bff651e4 |
| SHA256 | c5b639bc9d09106c0a57b3786df914cae56cc4801a9c83945db2762338612c19 |
| SHA512 | 2b73969ac1d5e50d95d6b2f0092da2267f93c216a55c94919813a4834da0a6d924d783445fdf61c5bcd3bcb32e57fdb164ad4e64ae7d69b908e373582279c264 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
android-x86-arm-20240624-en
Max time kernel
141s
Max time network
152s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | 4ad68ac98cbd1bdd6d330594042e7557 |
| SHA1 | 32e71012bdf760a785e3afd1c02850b09f1a69f1 |
| SHA256 | 0c8d0e2c172440eedf378d89aa84d7bf75d75e933a35b7f99a297f8d18eda15f |
| SHA512 | d9bdb43ce3f31041da3d1cb3723665ec03040f1d89c62d330b99225a5a8410d8a9bb6c74144beb5a7d5cd976c4e37831fa4d6f35e325b8d53d23067281ea2469 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
win7-20240708-en
Max time kernel
122s
Max time network
147s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2692 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2692 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2692 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2692 wrote to memory of 2688 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
Network
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.95:443 | css.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| GB | 173.222.211.18:443 | static.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| NL | 18.65.39.50:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.178.3:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | cdns.gigya.com | udp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| GB | 23.49.174.206:443 | cdns.gigya.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.bi | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\6edb2191aa318f963253361b43d2657a04b3d16e9c28fe7b22d4a4d5686f1cb4[1].css
| MD5 | 1fa2b76195265ddbe69d3fd5ed9a53b3 |
| SHA1 | 4d2aceed14d021ce962a5ccad5a8fe0bd2d6a29b |
| SHA256 | e2cda1d6e9df7af6208ebaae014fce5b4e3de28b07dfafc63e8afd20269ba592 |
| SHA512 | 6c11b8f2949f1d642ce58bbae034cd7a22cd731e0111019769e2b1079d95e30923f99fde364d0022ed1c5ea6434ccc1b2eaaca4412d4e0721c85a73b8c0d904a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\08def520152a575438e73a81aa9a310c2415c327df7b624a24aa6e794d24dba3[1].css
| MD5 | 23e12161d0fe06e8be36968b15bd225b |
| SHA1 | 3ac9909b4f8227a29981a008cd2809216ca04fe7 |
| SHA256 | 7f20f213d19cf5d49883b2ac02c45b3738a0696e9f72a395710ef4b93e395ded |
| SHA512 | 661d0308e5c57ce02d8e46a8cca12b1dec9c81e0769c9265eb4c530b293a996f0862b4a28df36bc952569b3a14cd90ac1d154064fa2ec48b7d5d2f9f178964ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\d584565dd1339ac8a09691938aa4cff54511f32a9bba1b9f013d6e32195b4f5a[1].css
| MD5 | b81cb3cec48c6010d0bb096b5e635ff3 |
| SHA1 | 9225d106767415b2f8842801f432ef4fba7e66a4 |
| SHA256 | 38cc1c155acca368b88abcc00badc1947129ab7022d3d3dbb07cf147ca5ae6bc |
| SHA512 | 6dcdcbc5f336224e71fc413a50b657e2408da9c786ccc8c622443d0c8dfe8a0350781b731ff2db47e517dde1ddff9b4f7e1edbe91157ddac44d22c5f9483b548 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\3c4bd9b17b9020d9ebc87d4542a68a949a9de6150a55a92f0e65514520ee777e[1].css
| MD5 | 3306ce36a2916143de21338749091100 |
| SHA1 | e18d27d598c5b05097fdde260939e55039dbc480 |
| SHA256 | 95c73aed10516aca84774c1858f4dd2cdc9c9d3547952c941cafc0cb2e72d46f |
| SHA512 | 3b3a5bbda0226232bd08f9f4bf2956310387a8fe18e87ebafcb5ff452058a8627e5da3eac34248b21708034a722d97132fca48976d789a4a249809680f4af92d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\68f976f4a3f8f3a6aae074879170e579451270e693d2361491b1c1bb9ac5e4c5[1].css
| MD5 | e7aeb2ae4be8e6a696b3e1e38205b83c |
| SHA1 | ff3985f26ab7929aff563b6005cd2e9186cd876d |
| SHA256 | 0423c2d03f807a77aa61cf3127a1ce430a3c1ae47a7d3c22471857b600e3f156 |
| SHA512 | b8489fbc16fef28f12dacc446320aad71a18b7f5a70b6c4e6436e71d06a30105915400cfcef096a8d16f2687b3ce7636634c63acfd8f3e4a8bfa709dfdfb8e85 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\d5a3728b78be729b693aadf79a1f45f0fa49c15fe863a0d7dd631b75f9e82207[1].css
| MD5 | 9c33609893ba704e16ae19f563888e5a |
| SHA1 | 9bcc2f77c6e9cdf2842b5a5ce8e8d236408a257c |
| SHA256 | 2ccd7eaf7c0888ceb1e968925904718ef6371d7e00bcb60bf9a9a2044104a4b2 |
| SHA512 | bc2bfd0e1a6f498ac4200fb94a7ac06899ad9fa61b6ad78b5c1475f1a14bd7a52db3ad34c06695a10e290424d13ad43f3df6100873c588f5c64944452c32dddd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\772034db167d3f4260047db4a7f2b8a58cf448709327013541e47c8962b6e556[1].js
| MD5 | 9d820d1a7b2108579da7302ef37531b1 |
| SHA1 | 091d2c110700001859da3d8c763ed7d08429d06b |
| SHA256 | 4d2f70d0cfb86f81cd532910fe1af8e18d7d2f029fc1e7cce680d2b8cd3a7679 |
| SHA512 | d23d0ce48f340dabd709dcfc79bb92286ae6bfe4f2ed78f093f7d14a49b4d9819083c03c7819c67c2bd7e8d483ad6b000f9987793248e855301fdb2cf5a213f6 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\4db2f741b7a3ec36d11fec999ce33f708ae85641cabfd27e11e0935928f7d9c4[1].js
| MD5 | 92ee80da236a62b17856c65a02e916a9 |
| SHA1 | 00082c564f38b7fef6f5f013f79d44166009154c |
| SHA256 | 541c4f65e7c57a945b620885428d10bc30d0373c192302c9911541064718a4e8 |
| SHA512 | 8cc7d463ae19febad1c023bf65612970e94d5798d88d50deffebf1a3665da956f7db5d946380eee5cb23d534837600c638ac3092f566465e422fb6b16adcace0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\97cb9ac7262155c329a259fce9f940f9bcfa852a6a1ccb44bd8a41c31e84e54b[1].js
| MD5 | 1b8fb85a5d25b08fced195d7bd30cef7 |
| SHA1 | f8b583c3eaebc54c6bbf89d94cdda74866e7fc48 |
| SHA256 | 20d5b09d6c517819132cdfea7884d988f450e411916ee916352a169a826c8cb0 |
| SHA512 | c41cc155cda417df06686a23bf6ce9f2d531523188d142aefce06626ddb1ece3f701de9c9b1f60fe569cbd05caf4522c705c90a011662a2dac3d00fd7d75c763 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\edc66704bd1974195d8c60f4a163441bec82f1bcb11c492e7df07c43f45a4d49[1].js
| MD5 | 096c52a1373d3402d1891e78a72ff1ca |
| SHA1 | af06578e590bb4bdedc93e2929d7b93aa3965cba |
| SHA256 | 3d6ae062089115769f8b39aa37e26311b99f256b82af68aef72a1f725faf3168 |
| SHA512 | d62af442920bece0304b494ce9a04a7222e69ee5f97b50bde3db333ea807530a235f3076f0ab7e08f5ed6adf4c3cf897e1ea1281d3fec45dbcfa6b1375dfbdca |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\adeccc658a8d5ddc63fb224cc0bcd3e29b73d70db3847c0379426bfa128d9381[1].js
| MD5 | 9e6058494cccae8c1eecb3917c9e47b8 |
| SHA1 | c4d6f09a7cfe8e380e64e7bbd57f230ecb422d06 |
| SHA256 | 0d5a48a425f1afa73c260137e2ea2ba39491ae5dee9277f4882a0eeae0a221b5 |
| SHA512 | fd5c74e32886d06d8b790dabd4dc8734b51d263e972eb02a9167eabd7c0188cd2b803e3374a656b250f19805225445a5824a84569ede996f3c83b99e92ff1d30 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\js[2].js
| MD5 | 3878ab63cd7417084fefea8a17b2ed70 |
| SHA1 | b6dcb155378be8dfae6e0dd178e756affaa8c68a |
| SHA256 | 4979b3339c9de68f407e904243cf0add3f62cc989b69ded781feb7dc8b7dd5d9 |
| SHA512 | bec379418c99c30a54e359c97a662d2b20e8479a067808d0fa3f9afe60d1eaa599ce84803b85101d6646f6f5fb0b22ff3104578a339f9a9da4b553ee28b5269c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\5c779fadf28d7893108d5b896e092e0d-GothamSSm-Light[1].woff
| MD5 | 5c779fadf28d7893108d5b896e092e0d |
| SHA1 | 9e30dd79b35c884925d8f4b8dcfb4f30f062cd10 |
| SHA256 | dde254a5345aea2d61098d4cf6f89af4cf1fe11b69345ba7324655b254ac286a |
| SHA512 | 18ef9ed6f342f19ff2029f999798d7c8a0c68b022fd117b24b883f68adf85b1d1245078162a3d66db14cb92beddb5be718d23fbc4171f22da2f4e76faac81150 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\3ac436cddb043616a4059aa6fe3b0c0a-GothamSSm-Black[1].woff
| MD5 | 3ac436cddb043616a4059aa6fe3b0c0a |
| SHA1 | feaedcd1f6a04c709c042d27e2989feb7fd8bbf3 |
| SHA256 | 3507166f4e17a878edb60bf631000cf684894aec3e340627ab716c0da94b2743 |
| SHA512 | d15ccc385b87b170539b99a452b654c4479b12684dfa33e0cb1f85caae2c7a24f640354b9930d0867662bdd11085c227f46ab5a9b1b3d261f65ad33faab53ce4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\fe0e9885efc341b17f7e600781493f69-GothamSSm-Bold[1].woff
| MD5 | fe0e9885efc341b17f7e600781493f69 |
| SHA1 | 424c8cf3af83a269579cfd4c040e6eb6f67316f9 |
| SHA256 | be7c8a03cf754daf4ede018bc98b4c58c6224b45dfb15e639996c9345e61d905 |
| SHA512 | f7152efaec206cbb518b1f48fe47b79c12a1b88136feb4dc0ed0e8f8b3fadb36e6994608e6481093883439e9f3c5792d86b4f64b13d4a3302b178e767abb885e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\2ed7693f8cf4d79466dd604c35502f76-GothamSSm-Medium[1].woff
| MD5 | 2ed7693f8cf4d79466dd604c35502f76 |
| SHA1 | 50f205901b4b50b777ec024cf1142eff38b92d21 |
| SHA256 | 24909631879a063171288611fba23cd68ab3bf99f5bb8646e297cb0bd7040379 |
| SHA512 | ecafec254da8765c894d359600e738e6c82d0da7bb1238723d86674d8d60b70d9f3c9ab881162f06a90aa3922b692817d7fd069b95cd654670a494dc5dfcac18 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\713e0b3a604ff4e44f55f9d1c100e8b5-GothamSSm-Book[1].woff
| MD5 | 713e0b3a604ff4e44f55f9d1c100e8b5 |
| SHA1 | b024711998cc92777241b1401ca39c82565f2d26 |
| SHA256 | 7daea40b38c44630a22ed4ebdb0502847f58339094089865025e0909145deb01 |
| SHA512 | f6125a31fb7198ac12027235c92018fc085859423ab1c1ec4d2bb75aeba317b49e7a17727ed106539cd9938aaf6e4296862c228bffb841e1ce372a91df907c02 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\d44520f7da5ec476cfb1704d91bab327[1].js
| MD5 | d44520f7da5ec476cfb1704d91bab327 |
| SHA1 | 1ee37fc25f13918178b67c51e3e0776fa8f69ecc |
| SHA256 | be3020d0ec0c5c5a6c49c2b49e5d7bb4292733c958f61fd3d54a8b282f9b5b4b |
| SHA512 | d1d4f8ae3e7fb7d01df0949b3446c36be14514071c69c2fe7218d11ecdaf8a56a732391035de9aa117897c27fdee4a04d8613c9940706272d119440cfd2cb7f4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\f424a786e3d883cff747a034605fa09d[1].js
| MD5 | f424a786e3d883cff747a034605fa09d |
| SHA1 | 4a103acc6e8aae01d16dde9191a6e98cb9c61729 |
| SHA256 | 3815938b03f2c83c093dea3e7d8f2efa5d915bc01c1b331e8b6b517008410e28 |
| SHA512 | 626d7c2e747c87b952494c23bc5013cbb1158be7183914263e5ca437c1835217df728e04dee543a3cfd431ae787c815bd9afcba8cd37ea90572d6626cc47ee92 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\95044be3ff42e3dc429313faca1316cea62f328a39e29689ffeda9002f3a8bc6[1].js
| MD5 | 4ee607ed79a8c978e7086df3a746f907 |
| SHA1 | 89118f719b63bafa0cc58347fc4c4b53a481b141 |
| SHA256 | b2ff65837db33c8b8e8dd59e01f3f3b094f742195c8d6f217c783baade88307a |
| SHA512 | 148cc5adb95dce871728914774c320502657d8e49a72794d60abbfb53958c373175a3697b4629d81f15ef0a542c5919669609766a976917b4fc49ab5ec99e509 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\83d836a661ff433d5b7ce719c489e43af590ff75ab39ccc6d393546fe91b766a[1].js
| MD5 | 3ee7ef4fbd7fd6a8598053bb1c9163ac |
| SHA1 | 477c9e17205ab78bc62d93a04874f0dd2d42f503 |
| SHA256 | 31ef50611f6981b083bc1c17f1a2d9df1c2b1722d63548902000e47dab835c65 |
| SHA512 | 209ca44ff68bfcb676fe7675d06c4de32c0718bbcf79ffb8b3cb7b9d6b9c152f95a90c42324839a743b8b8883aefb4f2560e7b19a90c9a7159b4dd185e4540d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\3c84a31c3546577e47417d37f78dbbf044ba1d31fc4386e48673b9fc319c1851[1].js
| MD5 | 3ce848a933bb217db0cda6bdd81e779e |
| SHA1 | f08a091c24e0b3267e7f0e72978bee04aa24b396 |
| SHA256 | 74e9744c8c5bef3a3d3e28eacddfc8b3d45e2159aec906e925a3bb60ef96c7ff |
| SHA512 | 3e04e2aa60c417ea5fed6dc11660ecc6f5e74c096f5ca65f4178973bd2580cd354edc687c35b76673ed5f61f93c10e4aacba999c1d2fbfa6b1f245c90e664ecf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\b79589d3dfb2446936aac95605deaa507ce5bc3e09073bac7dd04872880694c2[1].js
| MD5 | 6cfed30cdb69f19c15da9442ad3f8eb7 |
| SHA1 | c0e81e60512fbbcc3c50c9759f4105cd5a442185 |
| SHA256 | 0c9969537d1177c77bbe5ee1670a235a8daa10d6f7e6ded34c2b5c1ce3c56f53 |
| SHA512 | eb9ee827c5944cbdeb0f4adb20f152df483b5da77d2ae995e890bfa75da83c0fb09ab059b737190f89703f424ed406acce954583c428adb93d0ac862efdfab7b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\cf340fb618d9a73913b30dfc624ae60d68b9e59723746e6c08d06d14ebdd6dca[1].js
| MD5 | e635901144a084ea5240665be5baa113 |
| SHA1 | 2724788f7eecc052c60a594b5d5801e988fb5426 |
| SHA256 | 75b3ddcbc6f99b27f6b577d7995921c0231ee1ac578f6f9bfd869c21ad973b6a |
| SHA512 | 4043d80e5999d8b04d9521460539a23baa831d5df668954552c0181c1bd06ac17f21868b2a91c2f6d9acae3f3e8d825afb17b1488b26e74a72d717764f4c1b8f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\0346acf635cbe0dc3b71af9a6be331830c5b9a2505bebc4dba6299d1f463de61[1].js
| MD5 | 7fd0ed1f62e7d9cd7a811756afa3850e |
| SHA1 | 5e9a7fc74cd42d6aefb8fd58e7470caaa1591086 |
| SHA256 | b896de417b6b460c88b81b3bd51651b9ac8a315584602229569fbebfe4c803ec |
| SHA512 | 667e128c49fe10c01f57efa886ae9d3e71af02f24dc84e470adc1f3759715292b58345307bd4073308e4b3ce49394262b247b53dd2ed62922906bae24eba966c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\5259cfe8a3e36118bd61120693dbba3ba87f2c3641f84bb07e29f1d69fe87523[1].js
| MD5 | 08c66093a701ea84318ba5ad26752a61 |
| SHA1 | d244d4c153c2b0fb39eb3c454fae6bfa4f296595 |
| SHA256 | 524ccd7b4aac1d1232bba66f088c8ccdff7edbde4ca0d5fa02e3e1ffcc1fb12b |
| SHA512 | 31d99eb9077846a516a7040c0c6eb0e807426e754866e9c19b3f995b935fc1a09e05759f4091937c27bec59e6829c0f886f23e3ee57e2015d4b122192ed30faf |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\ae3d621886e736e52c97008e085fa286[1].js
| MD5 | ae3d621886e736e52c97008e085fa286 |
| SHA1 | 31900203df1a406f70a07550b46348a93f222b78 |
| SHA256 | 1392837387676c45409ae3b5b0bb4e7d07d57d208c2107bd06e006e0a8cc7eee |
| SHA512 | ef30245df2b389af1b42a4c99b7987b4e4710d7474a8f278e97dce545d201d18b6c2276bdbf8ff0cf96960b6877600e974e7ea3b651cbebd8aaa2da600141d77 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\920fa8d7ee325f1b215a11d7f3729d3df89fe6164ba99818ff26b3346f6c058d[1].js
| MD5 | e9ab1060e62366198c15f21dbf3120b8 |
| SHA1 | 31290569ede9807c993249640ffed288a426aadb |
| SHA256 | 8cd530bfd624406ebc537c85d86508709ac7b929d9fb2a6b0d6ccc4986b8c8fa |
| SHA512 | 895268d1a40346b32b8f69dee3f5e27d098b0a1f82ac975b6ade771eeb4572232d932f647ebfb46ac84cdcfb4bc0109c1b6b60d385d4e77bcba43654e2883084 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\90f18784a43a70553e967191b948f70b0193df565f1605762c3c1e245ab4b55a[1].js
| MD5 | c49e367328ee66735ee008dabf980c13 |
| SHA1 | 42e2b079b242cabceabd36993c10490db726b622 |
| SHA256 | 69f08d5377fe083ca3799a7748dc20225e745a0fe259da250302a621764c3f56 |
| SHA512 | ce8fa6e90de3bddee318ca14df8cce49eb040bb5ca733e6236c193b901e3e130979331d543510f53cca0768f234cb5556c3995134ceeea0eb99a26877b60051d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\d5ea02ab1f95cb8aefa0a3f4cd0151b4220841fc448c2072d3481d95017db6ab[1].js
| MD5 | c8daad5ea5bb3ef8eaa734a68f47f603 |
| SHA1 | 15b752c7fd015f31899ddcfe22eac4f056b88ac8 |
| SHA256 | cf5534f80fc48f9278450a2cdf330c0675290691473087d8c1c726954073880d |
| SHA512 | 14d3c11e416754d00f125725432707f8caea737a84a4810542ae8880aa41e4a596a7adeb0839f1fd6b0d18ca44cf2bd2612039a3cc000c425fd61203b9ee5808 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\0a83202cf5f2310227e607928f73a26cdaa7d5c27f892b99ef51ec3b863a694d[1].js
| MD5 | d80a3874aef79a69e1a4456d24bf0399 |
| SHA1 | a52ce7de477ddfd7eec5ac657a7c6437ed1652b9 |
| SHA256 | 5645250fb0a22a76505e509ec6c2ca13ffa0578beee92d8731d7b05d26830fd7 |
| SHA512 | 421fdc1bd864a717eedd6f36e3fb7e52872fba3bda96bfb1afa8119f4a6e30830023805ae65340a39bd66bf6efa826c1b4a2f1db2c6a338c8b07fd2f067030bb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\ffcc04436179c6b2a6668fdfcfbf62b1[1].js
| MD5 | ffcc04436179c6b2a6668fdfcfbf62b1 |
| SHA1 | 95c03ab35a7c38096ef6185793300ba183ffc060 |
| SHA256 | 13057336e2107f788b42b26af46aab18168f83398a66b53052ef23ebf302a192 |
| SHA512 | c6278b0557b5844f1296fb6f3768b3de2af2ea7ccac8a0a742828f51d47268519b627bd535ac16fc555cccc5e58c3f5f43cf550034ff053fcb1e38300ca1b254 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\1da31fa41317a697c5845455d2a001650f36f202d352317e5ddc1613a262ef35[1].js
| MD5 | 7598f541fd31516097f6600f41884123 |
| SHA1 | 65b06a9387384f75bbed49944bbc9f2f7f8bf1b7 |
| SHA256 | 78cfe3a1fd6155c3a6e2e73083f13379c4871e808c91ee15187ff629a3e423be |
| SHA512 | eaaafb169c9f9d84fdd66e6cd5be7a34300d19723fe0cbdb1781b6668b667192b59ae883fe888db321c8382dc29eca92a9b6bd412d942631b129d8637b57f7f1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\13e5aebdae824009539fe2c02d26b760a073715785511060e8164dae78594b23[1].js
| MD5 | 9219ed2a0943322223229a2488009e83 |
| SHA1 | 70b0b7de4c216074c35233aa1ff6bb900070372c |
| SHA256 | d431ecbca366e2bf113a4a62c988d6305fc06175c4c5f5e209fe9c2f562ab183 |
| SHA512 | 93b935af58f4fff93ff73f05f582843bd6e6087557034385684e61e09dca5a8ffc3b36b7646087d1265bef04941d905751230f3c1b663de3df43318bb60d54d1 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\c4b0a446b38285f3db5472340f4ef27d737c87b78348e36dc7acbcfec89d70bf[1].js
| MD5 | 921ac3eedd28fa0e68ea4abc9d34be91 |
| SHA1 | bb13f419963d9a557dc23116dc6570b0b4f73378 |
| SHA256 | cdcbef4fda07710a79ef3d93e3f73726f6285495cdbd9c2994d921c3cc11604a |
| SHA512 | 67faa6d3c442003ad3c36cc168b7cebf5be7ac9d4feb1ea25ec6d54ad80ce3ca0757ea0089b0de4820957e4287f176d041382d4cb3bd8236474ae8bbb00099ff |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\57d1b7776de993a3bf8ace38e6efd8f8ce5b9a294362c029990f0cf131548531[1].js
| MD5 | f2614bff7a65f7ebf8798493bed698d7 |
| SHA1 | 2fe435c824fc6d7ce227082904edb06f84a2277d |
| SHA256 | f02997b17a11bd547e9b27e00849d785a450504166558f5edc89c593f966fd1c |
| SHA512 | 8d1c606cb9f629ccdb19a6d4537427d46a40b9f9ca4264002f3286bd972114ad88f54470651be45becf41e4f45a312091ff9f17eb4e68f86d908aa458438093f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\385a62cb16e1c8524da81c17728733d79e3ad9ccbc342d982fe79352f8785dba[1].js
| MD5 | d239cf79fdfe81835a0c080aee6fb6fb |
| SHA1 | 17fab64ef2596fb37e6eedf00c60d406bbd5e689 |
| SHA256 | f161c01df48857b9f17ba71eaa4346bb7a050f3ce207c71c6070fb194ad33c47 |
| SHA512 | cd7a0a2ea3759d28afa953c18aaaac13828543f07a9a8b67c9de175d41dc00fbabb9ac03ccbec67eebd066965eb06ef93a1dba21a78dd34c34aa667b726ce69c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\c0606e8d6eb4487cdc70d318e6de3d9aaeeb465ddb84acd95139011e56c5e5c6[1].js
| MD5 | e3553b406af60d93e6ce493cbc788efc |
| SHA1 | 12f31b6c0ed5d68ef55908b5aa70df149060f72f |
| SHA256 | 827502d069beb137adbd107406a40e2b72246df9141aceff3a09f1e8bb44eb2c |
| SHA512 | b2ca013a1df5c1bf1b302720756f8a31632aadde66304625cd3506de4ae780d3edf70e55955208f0fe3b919dee19f6b85f1b9d3ecd36f343697c837c63ec5706 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XY2E4O3P\95fdafe5af749e388de603b9ee7f67bb092c3c790badc572db4e2bca0c32b49a[1].js
| MD5 | 00e91f24cef6a93c8f0dde76b7b51e2f |
| SHA1 | 3ec7f32af3346df3c0f8042016eb75ae6b3711aa |
| SHA256 | 4c74bf2799a150da1b9989eb48ef0560d7bcddea5ae4cedb5fc63526db741fa6 |
| SHA512 | d9cad4b13a599b3bb17b65a2926713b4f4095dbe47d322995ecb86d65353c7b5739d570a33ca8dbd03f7002226485f77678f4aacfde7659ecd222d81f766bb84 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\c629f6739d6903fec0d935d26a9cea02ff757856d4ed73a83fd1535affea0300[1].js
| MD5 | 10c4b936895ec071d32581f5ef428b01 |
| SHA1 | e92d109ef13abfe48ab9bfec55a7d9e916c65802 |
| SHA256 | aab7550bf086b5c36a9a4d29bb7d5d69e8980cf65f9e307fca06df460ad09e6b |
| SHA512 | e032b5e6db0789f64413cc6274f392fc9952b82cdf13b7963878e2c324233b21c23e70245558226df06b8824fe029c45b15d91d9e6d069ffb755082cbe487733 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\5370e5e55fc9993ec53b0a4195e82290b8c1c5f95a1fb5cd11a2ec82d5d07809[1].js
| MD5 | 9e2a1059f270bdc220c7a9bcb0cc170c |
| SHA1 | 317980f40209c519b4fe1acae5dea6d2a6056296 |
| SHA256 | e266bbcc474c5438f536e4a14aeb1ede5d192e353030f25f21c4fff17e16c03f |
| SHA512 | d6230b8608e3db9d9e53f2f7a3fcb9488dfd07c31b1155962242a8d1d62873d7994d52686ea24bc6db2529bd20ba8547dc9e5dd12c4a979f5b6a29ed1b4abc11 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\2f07889e8f290c066b3309491942ced128803f3697b5ed2f5e6149db2fcd375d[1].js
| MD5 | 2a5899e3148f3575280b1b1f2d6ca6c5 |
| SHA1 | e99ec5dbf3b0d7b8a584c5d9fcabde874002fffe |
| SHA256 | b3b68e4e05d953842003a9ae642c219abeda2c9a897f358eed102c230234a5cb |
| SHA512 | 10acaf95d72347911db2537ea81ca8337274113c483571e9d073907c91c9695526611c197417490d91221eac3a75f6e9f9828f80f998fa302e2f1caee1711b49 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\7693d98990f875a88c91c0385e1b0542bb51913fb34b23f414b6890d90353c40[1].js
| MD5 | 959be10187ff17f4f4b5684a33dcb315 |
| SHA1 | 003ca24bcd9a2ed3ee644f7b0cabe0d5bf881cdd |
| SHA256 | b757c1c017abda974e444fec6c8a8f182df7106d504b2623a455b03b83292955 |
| SHA512 | 5d7e7ae709ae373f55dd3f1d6394ce57acbd617208bed1d057b22706988fdf3aff82beb3a0da13cdec87b57b6326a94e77dd6fd80f0db44c08022503c8478547 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\18dede93de3aac02225e1e6e9957d98d6983c39fc9e76eb0cdb05090e5551f95[1].js
| MD5 | 2434ddd0ebe572e9bf091853be1d5a7c |
| SHA1 | dab1977b6150c25b8365ee20e8dfffe4125f3f62 |
| SHA256 | 01f5176ff6e2a06fc72863d208fb9e0fef024ddd4cd0897548fbcd5613c591e8 |
| SHA512 | 550e348403321dbe2b56848e95bb9912b8b3f2feef9df3e4bc9c013280e89209c4fd335e4e44de6436d460544e3895b45ddb929363dc7fe84fe5c38f480faf3b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\5b148ca445e1fd4ef905bc3665b2e29d065ab357cc88fd68be95b519f6e2da0d[1].js
| MD5 | 429d7a15ed66e2a75e37ecf5f40068ff |
| SHA1 | b7c876947c9027f3a4df526c3a3dad8e1bc25d68 |
| SHA256 | 256dcfe7da215d42f7a907c2b9e79d4e59a2887c5e557dcf97362bc1ae3704c7 |
| SHA512 | bfbac9b4862e868e9913e76f4ecb3f5745c00be9f7ceb82cd83ff6762ff97ccbd06b911a9aebf1486d79ea6a71ba2e262511bde5e87c526f11f9e2434c5dd5e2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\ce6a4105a4d28cac59aa57a3d6615d56ba63526569ebfd88d49ac363d61caddb[1].js
| MD5 | d39a5329a499e3cdbd151fe9de5ff9f2 |
| SHA1 | a79540de2ee796268ee9c478b1b8966fc4b1a494 |
| SHA256 | 9829de516f5c02a1b3d2c24dc78df0fcb4605e2e73ac397aeaf8accb4e7041bf |
| SHA512 | 00e32f03465e0045f0979974ce8d4838d30c85b8217cc0b62d94f6732a18989f2d42ea2eeba3aecef76cf59a9903219463f4a353d6852b96833a536c4877489d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\fb47e86d6d7deaf62c7c5c8a62d915361b3f9b47503976e24e4fdd44710a492e[1].js
| MD5 | 7689c0f9bab9fe7973e3c2b1a686d3f6 |
| SHA1 | f4c1d8e81196c11d118c0f6f35a7270bb637ee93 |
| SHA256 | ca93c4eaf70846d7e0f28534eac56368fdff7bd87226bb26d477bcf06f198c57 |
| SHA512 | dc53f9fa94529120f8f2be0d119830c94da89a250cd3b754a11d623c8f1548413dc296b9c49564107700ec302ff60bfb7b7b43760d57ede3e1d1f94cddc255a2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\bffafd994791f59d1efb67723313fc0f59b58fef8dec7cf83535c8f4d1d1ebd9[1].js
| MD5 | d51f2332682a3fbae2bda7c63a3791d5 |
| SHA1 | 823b422b1406418d0fba98917c8b572936fbd1cb |
| SHA256 | c4e4914479e8483e2871758227d6b2cda33d15f498d05faf0eed28cb0d03f9e9 |
| SHA512 | cd26b76b926e88c74eecdb83d54a2a072d8e7934c80cec217d4925264445e5cbc368cf155918047ec75e6426542718b7fe6e48ca9e662450f76463f9feff7b0d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\5a67818cb9f234cc3d70d2c853e74c7f2a05a90510ed8a21fcf33e3d836faa45[1].js
| MD5 | 81e88d2e7883de7e5f5bd1c8a90ee702 |
| SHA1 | dfc1f0ecbcb31c6aade4ea3e52c1272b6b0f3f25 |
| SHA256 | e2ae53e89c9cf0f33d9fda5c1677883fe9fa68bd5e1692d0a9cf29f7150e63a8 |
| SHA512 | f56b8c10a9dc06d0befdbfd6255f8b97dd64a19910e0cdaae0b281353ea2a3e640cd366c54e53f26df3d5edd1426142ecbd95b643bf0a2edbb01051e38ee68c0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\8caf2b65ee828e800e5876d0e115b50feeea54bd99c5c0a1be51369a03bb8e88[1].js
| MD5 | 35cf2ba406248b313cb90f44bcf01445 |
| SHA1 | 0dd2969718039e83c1ce2683c271b0507fde4838 |
| SHA256 | f1a156361467a158ca3911de32da24f96b1a36c9a6c9150a6b82483307cd4468 |
| SHA512 | 40f7a7fcc3d7bdb05ac6d72ea86db0fcea32681435931189bc243bee0966f5863b7f1231bdd32f2e77e1478b3836192b729f3416284dbfc86a00fa54d7011932 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\3574cff8a3839614386f61fdf914e02e5217a7878601ce33a9ff41f94a2ad8e3[1].js
| MD5 | c4d63cb23d961a45d5b4459ccebeba0e |
| SHA1 | 60abfcd03a673d17b6c46e54b6e30922524678c8 |
| SHA256 | d034f1bb617cb1723d5f8b61cdf3be370f278282401abfe43925af34f1847c30 |
| SHA512 | b3612fcbbe7fcf97ce02e73753d6d144a27a1bdb5335d629081fd4b75504b3931fa7e9430b8d7640f6c49cc2747a966bb24d38565c90b610f56d811ed44b9555 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\a054aec7da3a2b719cf38e09c5f6a9f45af54f6e632aa964ccc8b5ec2d83b9b0[1].js
| MD5 | 304c33ce16dcb5dce6eeb186759c73eb |
| SHA1 | 700108b197068213c8dd19949c4722aab41195ab |
| SHA256 | 612fd0c7d11d68d61626ef4fd515f83a26e61591ead785c0e2e9b9d9d86aeb29 |
| SHA512 | ad1729fab79179e872384a105edf36e09c8eece859e4f7679eaabca66a2b497f9cc799c7207b0491563f57aba89b384379f370b838d07169d567f736cab11858 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\1057677ca91f349db02f7b279cdfbf25bec8098a13c7870317f7ad4cd4779a97[1].js
| MD5 | 250714e191e226cfb87558ff95b08d6f |
| SHA1 | d23414e3e7752e75d5863ddc1dab9f7568da257c |
| SHA256 | e5ebf4da85d91400418142c4897fda22e927c895bbac921aa377f51fcca2deaa |
| SHA512 | b1df6e4b689ddb6f6c4b5691386e6e95e7aa6fe975551594665ff183f1f94b79bd46f32b6a41296e43e1a2ed08b8a3fc9310882165d1be9947079b1c1853d57b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\3241cdd45931acc3efce4b49df4fe9583ed09d79994cc782364a84c4e851af5c[1].js
| MD5 | b4c3102da5845245f0724045bd201d0e |
| SHA1 | 6ce7be31efd2e0203230c7b7d0fd1ea7523cd0f4 |
| SHA256 | 6caeee0448108a8695baf3e5282eb64b6d1927a32b1600e89d9d96ee0b99fb9a |
| SHA512 | df7a5c362b2c76af1056fe9dafa5ad9ac9751a876f72679d0da8b8e1a2f57dca89261409d99bcd2479ac08e2daf02ff2c6a868624bdbb206a4d58675ee560722 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\4963a609b0bb2465ffa6a7ad10bcff85662879d2f342f0cb1a2485320dd81eb5[1].js
| MD5 | b7a9c8582e5d3c40de0b72014e68dd3e |
| SHA1 | 5a22d54c69fa0a9f40ea5670a1e9f06b92317ac4 |
| SHA256 | 4dee6dd624201660b3822dde54e7bcfc25bef6fbeac90cdd81e466bc9ecd3b99 |
| SHA512 | 4ff118dd8f3a5862ab315b01991d12607d80db1ce898f99d9439c043e84f203a914a3fd95ba7a56963ddfa08971f3d797fac508906c2b8204a5f34d4a6a82bed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\c239c2a4cca7b50a6b45a6c32ee7ddfaa0bba7011c733c6db5aad0f6a7927d54[1].js
| MD5 | cbb2842bff660de3c19eef91328b6d14 |
| SHA1 | a30f18b61015c15a1ae1a93e353be2f601a6447d |
| SHA256 | ebf9b940e1ff98a2c77cf8f53ccff5aa8c9cd4d532ef8625e37e0b5eeafd28e1 |
| SHA512 | 7c4010c60143dcc116e6a22d929eff357e90fc1450f4318bc6f036a9149f6c27eb4649de334b64c9d556439711e00a523530f2aeaf41355709292203d91ab2fd |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YUF3ZB4A\0cb8d2d6f4d1670adfee3b204fcb3a2dbf61819b82895f8257f0e5055d2c5b2b[1].js
| MD5 | cd6597e9fbd3e9bf81268924ddd5a0ea |
| SHA1 | 3bf1e01b59764321855344294e63b1cdf15e523d |
| SHA256 | de3dce6b3894180702c98b9bdedc2a8a1cf21188c5ce0f57f86c1e8b9c490dbe |
| SHA512 | b81c4746540bd300317cbb00e6ec3e0aed828b0c80f8e2769d4243ddec718628ed6cad499d804ba6689561221c05baa016bbe7e69a8ac94b0a356a557f378c01 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT8UAXPK\1e9c21f67e9901f767acd1db03c4a5c6029d4bc0862424e80c746d6e3cf5b99c[1].js
| MD5 | 32ab999235fa2989b0e909d5c507894a |
| SHA1 | 652967d5749225a2c6b429ca35cf694201b70815 |
| SHA256 | e2e0377775565d3be3e8337236e98df510e638b08b7274fc9de0ffdadec65189 |
| SHA512 | 5c8f909fc5788caddd304dd0723c72d587f94ad70c74de42d090eb49ffca6a90a7beeb719a00195a6d454153d2df23f081b381a3230faafdb12b814959004fba |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWSOWPAF\5c44d71f75449192684a6558fdffae735d08a0a29e18c656dc0374df397a0050[1].js
| MD5 | 302bcd7bb6f466fe2dae4140ca1b16b5 |
| SHA1 | 33be65653923c05bb986ac894c5931dd28c8deaa |
| SHA256 | 868509c373ac67f1e82589eaa7a48f9afe5f7b622b8bc2405babdceb9c39c407 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
win10-20240611-en
Max time kernel
150s
Max time network
147s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a0783ac30afdda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Spanish Phone Converter" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\Disallowed\Certifica | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "804" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{BAE3E62C-37D4-49AC-A6F1-0E485ECD6757}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\AI041033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech SW Voice Activation - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com.bi\NumberOfSubd = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "407" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "CC" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000332b40ad2ba978855dcb2978f4907613e3bb1ff70fc765bc9801ff28fc3d6146dbc460bb307cdfd023721b5f7977e1fb5ce2f4daa27ebaf33235 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "432067125" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech Recognition Engine - en-US Embedded DNN v11.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "16000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40A;C0A" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Anywhere;Trailing" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\L1033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696D | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "82" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\SystemCertificates\CA\Certificates\696D = 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 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Zira" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
Files
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YPT9ZP1P\api[2].js
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ZE5EYO1S\www.roblox.com[1].xml
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NR2H02H5\funcaptcha_api[1].js
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RPVGOA6E\7bba321f4d8328683d6e59487ce514eb[1].ico
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SZWNFRYG\suggestions[1].en-US
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9e46f8,0x7fff0d9e4708,0x7fff0d9e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,10691770929509294512,5072492017335062667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4600_MQZZWXSAZBEUCNSA
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
win11-20240802-en
Max time kernel
145s
Max time network
141s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,14305631957183762822,6465114696125178662,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5172 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2448_UXRLPMDHXKFSYZLH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c69c.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Analysis: behavioral6
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
android-x64-arm64-20240624-en
Max time kernel
134s
Max time network
148s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | 96b8be868b6846e634f6a7d1805bdaa4 |
| SHA1 | a49f2988583679a259220d9fc62de84d778587af |
| SHA256 | ea7f6faaf895d73b8f330993565fe7a182eb5879834fd81ae66abf784b9efd2d |
| SHA512 | 00a4842f449f5fa65d626f86735838a6c9562029e30a6897b9a0b5bcca17011f826e8fe9c369446f2fe7f3860b521730955c5aec0561143942c349b0920e06b7 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-09-02 07:35
Reported
2024-09-02 07:38
Platform
android-33-x64-arm64-20240624-en
Max time kernel
142s
Max time network
155s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
Files
files/dom-0.html
| MD5 | 321327aeb90d0eaaf1179776b01d4739 |
| SHA1 | 3e166591055beb481e01ba9fd7ebadf5bae38f2f |
| SHA256 | cd8677dbaa422565510b99d6af9aef6c51995f3f0f3724fe1222458b6fafa31e |
| SHA512 | 13d1cd1ea3949030f4fa528a7a7ab0b9e5bf5b50c1a69daded1392ea1f208d5ca4804ee86c5eefbc586e5c2cde8d846a9768cf6cf34e65e196bac510c407c27d |