Malware Analysis Report

2024-10-19 11:16

Sample ID 240902-q3yrca1frp
Target https://www.roblox.com.bi/users/5445740091/profile
Tags
discovery evasion
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.

Malicious Activity Summary

discovery evasion

Drops file in Windows directory

Resource Forking

System Location Discovery: System Language Discovery

Browser Information Discovery

Modifies registry class

Suspicious use of FindShellTrayWindow

Checks CPU information

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Checks memory information

Suspicious use of SetWindowsHookEx

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-02 13:47

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

win11-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2840 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2840 wrote to memory of 1256 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff96ee13cb8,0x7ff96ee13cc8,0x7ff96ee13cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14210751323963915120,18209772017074420764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 108.138.217.67:443 static.rbxcdn.com tcp
GB 108.138.217.67:443 static.rbxcdn.com tcp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
US 8.8.8.8:53 67.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 10.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 62.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
DE 128.116.123.4:443 roblox.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 aws-eu-central-1a-lms.rbx.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
GB 35.178.34.242:443 aws-eu-west-2a-lms.rbx.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 54.241.161.217:443 aws-us-west-1a-lms.rbx.com tcp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
AU 128.116.51.3:443 syd1-128-116-51-3.roblox.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 217.161.241.54.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.51.116.128.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c4a10f6df4922438ca68ada540730100
SHA1 4c7bfbe3e2358a28bf5b024c4be485fa6773629e
SHA256 f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02
SHA512 b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

\??\pipe\LOCAL\crashpad_2840_KXUPJGJSBZZPRUFW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c3889d3f0d2246f800c495aec7c3f7c
SHA1 dd38e6bf74617bfcf9d6cceff2f746a094114220
SHA256 0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4
SHA512 2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd0c4d6b39f8d6df7c9ffc183ef3d583
SHA1 58cc48dcf5d82c5ab0d947fb6e4775f0ea1e113d
SHA256 6a6cade79bea1ae8be885704d4a6c3ed728148ca133dba38e820dbb0dc58d7e7
SHA512 1b2c59ffb00449e8d60ee1a6bdfca9fa1b4a3b95f770d02078b42ed624bd361e2ff4c1e4397e13bc456a3fe2d3416e7a31d58364b2918b2dcfea2658e127a5ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 49c7a55c1d62d3f7fcf2a883f80136af
SHA1 178649ecc49faeef7054a0f5714feef71f3070a6
SHA256 57a52402bf163c6a0e55c7fb373172a1c58ce9fa0db7beaabbca73ac9d74444b
SHA512 483ddbc7aa0b597314fdc4efcf3fff8b1c4d0062fb10c3727224a71dcb7259ba2faea93acc9912466a4550dd37d76aa7a89bd5eeace327ebac0b2139da89c714

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 8ab356dcf0855f8bd79b88f95ec81418
SHA1 74f51725f42f5ca4b54e05972f3af1ccffefbbec
SHA256 5abd872d2976f198b0bff40c5e9e69727c9d29530143a959210ebbaa29b31615
SHA512 54f0b5f9d18b3cc3f3c938352c9bc549161f851c2e6dac5067842fbcd444ae998c18f34d0fea78bb65318c4e2a2e56eed59f974f3ff1503aa405ee6b890f8eb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 83c4f316fe47b6a79fef1fc56ebd64ec
SHA1 2d446ec0f63beedb66fa4c55f748115e9dbd519f
SHA256 3d6a599f93d80f058acff19a3adc1bb04fd10a8131c56c9aaa0d5882961e5e1d
SHA512 20d6915cc818783b71f162e70d6c9bdccd1fa21165c05bcb0cc3ff8c161498736b818e748fed7522a03123f0427c11cb2a0d503d83e705c540ef440204951602

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eceeda18b89a10e4730e59903b93eab1
SHA1 371560800806002ddd460b089f306ecce31d90a9
SHA256 6d7cf9c5c77de7a66dae3f62c3499cd8f5194f9d4e1279b496de8e5916aeb41c
SHA512 414c9c6e0da9662fe689758ed36ae8a19d93606f8b425a7e34646d47fcbf850064f3f0b93492ad96c77516795c3bed9da602074fa762fa30af1d225b0aa0405b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 710df282e42bbb2c607e5820ec4ec663
SHA1 f657caa7055868199141ec0730796fdcf4fcf58e
SHA256 1bb6730c3601151c870caa92a9b316de5224a91d24db0b52ddb4d8654bf00835
SHA512 e13bd361cefd73a88233134ac4f39932c1bffdf8e68e4790c54b5d15f5ffdde5242b671318676ac1575a4848b4e1f900dbde6f53f44fd06e3c8b916a617d41c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581cf9.TMP

MD5 a95b66ae12d11c7f40ee44e022435dc8
SHA1 89feb31c0b0f04fe639b088cf0ecc3c6b82b41d0
SHA256 21ca0c2bdc2d6a9e01a5b9891f01b1ab34dcd6f47172e324957603a34a498ea2
SHA512 f873445168279a0192d26801d42f5c67942922ccb582e6d1a02ec4058665f5ea19089e94c75682d6d7d7233b725b82d44a4dd901f78ec4d5ed256de80d549252

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 740e6b51f75149597c7b88b3b85a0f49
SHA1 864079a1526f6c492c08b0a59c803ddaa965d8eb
SHA256 d216c41d8c9322728a5b52c5fc38460ab836362478bf4e5c6819ddbc3e5f3aa5
SHA512 870d14c8f8f2c289368443a424bd0957849104d0e1c96ad11e5b72530c67eb8a9bef2cd2bf2fd07471b745028a639a8006a76cd05a40e3db5b446564a4d200cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 5fecbfbd22ab620d1e6f72659ca06686
SHA1 45cc085712eaad4accd1e6be0ba68efba722a03c
SHA256 cb858bd1c0f9f34ce798a3c886360b416b8189a076b72453935b61415d1516b3
SHA512 58be606cd7c228e67347d787ecbb865c59146a2663ee7042640a4ed4dea42b814bb13f8e1383fcbd2e505a384ddb57b57f48da77640136bcc424075ba4a86685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 de86ca0a84ebf8f9b57b18f306c915cb
SHA1 ecd70f64c826f69be333fc2a18ee3cc8abf34130
SHA256 fa6bb64d2fe9bc2e69800430165ccd25feded51ac2b0a35a0c75e2bee39db822
SHA512 78ea7870f706f923cd6175d816585770c719efda699d2c8ba5983e6c7d26517020c7aeeca8a1742c9ed6b872f73c25117eb4874fcd8c4115e7df1e4621f3677d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a4281cfae8cef8d1bee43fe59bb54bae
SHA1 264bf8663a314f55895bf854dc430a0d2b917fb3
SHA256 b01df622605d5d7ec59d5c48fa3de7fbc598f614f9b222211698fee62f8f9923
SHA512 116a5abfe528e5fb7d13cc11708998289661268644e3c8405fb441cd926cb08da6ca2caae9b0d158ce02428f6ddb04f39872c6658b2adf99c8a0665ae1808423

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9708c0c6efc43e14136fd9f7adc207fa
SHA1 199a9d1cb1203b8194d5340684ac616faebf254c
SHA256 6b66a8a2dba7f3df68457ae71b0568d99fd3a27041f72b2ba49033fa62374614
SHA512 c6eea260f67d99a5253cec5012c6c256b4df1079f98b7aef43f02b2afe9a91b767b069c03fd5b36dc456cd66ca2f72fb22cc6cdefe5aa8baad184eb225bc42d6

Analysis: behavioral7

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

android-33-x64-arm64-20240624-en

Max time kernel

39s

Max time network

132s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
GB 216.58.213.10:443 tcp
US 162.159.61.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 accounts.google.com udp
GB 64.233.167.84:443 accounts.google.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 142.250.187.202:443 remoteprovisioning.googleapis.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.200.4:443 tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 172.217.169.10:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 update.googleapis.com udp
BE 108.177.15.94:443 update.googleapis.com tcp
GB 216.58.204.74:443 gmscompliance-pa.googleapis.com tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
GB 216.58.204.67:443 tcp
GB 142.250.187.228:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

android-x86-arm-20240624-en

Max time kernel

129s

Max time network

139s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 216.137.44.2:443 css.rbxcdn.com tcp
US 1.1.1.1:53 static.rbxcdn.com udp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 104.86.110.154:443 static.rbxcdn.com tcp
GB 104.86.110.154:443 static.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.137.44.2:443 css.rbxcdn.com tcp
GB 92.123.143.232:443 tr.rbxcdn.com tcp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
GB 173.222.211.9:443 images.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.34:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 roblox-poc.global.ssl.fastly.net udp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
US 1.1.1.1:53 aws-ap-northeast-1d-lms.rbx.com udp
US 1.1.1.1:53 aws-us-east-2c-lms.rbx.com udp
US 151.101.1.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 1.1.1.1:53 ord2-128-116-101-3.roblox.com udp
US 1.1.1.1:53 dfw2-128-116-95-3.roblox.com udp
US 1.1.1.1:53 aws-us-west-2a-lms.rbx.com udp
US 1.1.1.1:53 iad4-128-116-102-3.roblox.com udp
US 1.1.1.1:53 sin2-128-116-97-3.roblox.com udp
US 3.137.17.126:443 aws-us-east-2c-lms.rbx.com tcp
US 1.1.1.1:53 cdg1-128-116-122-3.roblox.com udp
JP 35.79.105.171:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 44.224.16.163:443 aws-us-west-2a-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
JP 35.79.105.171:443 aws-ap-northeast-1d-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 172.217.169.33:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 172.217.169.1:443 tpc.googlesyndication.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 216.58.201.106:443 tcp

Files

files/dom-0.html

MD5 b95e6c49ca625858e7914ad6be45c9dc
SHA1 5fdd447ee4c84f292716962b5e02ebe705395d71
SHA256 42860833bd78b44a956bb32379984fa2bf052ec7cfe7562fb99b383fe1e85bb9
SHA512 ec103ee6a34bd2a0b78fed4bae8b197f14ff960cc44046258d472370bf9318b1436d030263fb3124a4854d822498ceb51c4559ece57c6450dd95c3481505fbf1

Analysis: behavioral9

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

macos-20240711.1-en

Max time kernel

148s

Max time network

151s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
N/A /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=28]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=287740256 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=63]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=287779328 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=63]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=291895579 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=292575987 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=292864289 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=293350402 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=72]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=94]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=104]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=66]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update --system]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=306406514 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=117]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=75]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=321361530 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=75]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=119]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,17221300030974167368,14306393060224074971,131072 --seatbelt-client=120]

Network

Country Destination Domain Proto
US 8.8.8.8:53 35-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
GB 17.250.81.67:443 tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
GB 142.250.187.202:443 optimizationguide-pa.googleapis.com tcp
GB 142.250.187.202:443 tcp
GB 142.250.187.202:443 optimizationguide-pa.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
IE 74.125.193.84:443 accounts.google.com tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 216.137.44.23:443 tcp
GB 216.137.44.23:443 tcp
GB 216.137.44.23:443 tcp
GB 216.137.44.23:443 tcp
GB 216.137.44.23:443 tcp
GB 2.18.190.70:443 static.rbxcdn.com tcp
GB 2.18.190.70:443 tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 tcp
GB 18.245.253.65:443 tcp
GB 18.245.253.65:443 tcp
GB 18.245.253.65:443 tcp
GB 18.245.253.65:443 tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 18.244.155.96:443 udp
NL 128.116.21.3:443 roblox.com tcp
GB 23.56.238.80:443 tr.rbxcdn.com tcp
GB 23.56.238.80:443 tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 tcp
GB 216.137.44.44:443 tcp
GB 216.137.44.44:443 tcp
GB 216.137.44.23:443 css.rbxcdn.com tcp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
GB 216.58.201.98:443 tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
US 128.116.63.3:443 lax4-128-116-63-3.roblox.com tcp
US 151.101.193.194:443 roblox-poc.global.ssl.fastly.net tcp
US 128.116.32.3:443 lga2-128-116-32-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
GB 108.156.46.104:443 c0aws.rbxcdn.com tcp
JP 128.116.120.3:443 tcp
JP 52.192.85.158:443 tcp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 cds.apple.com udp
GB 2.22.128.162:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 184.26.189.174:443 help.apple.com tcp
GB 184.26.189.174:443 help.apple.com tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.187.195:443 update.googleapis.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:443 dns.google udp
GB 216.58.213.10:443 safebrowsing.googleapis.com tcp
GB 142.250.179.228:443 www.google.com tcp

Files

/tmp/com.google.Keystone/.keystone_system_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Keychains/login.keychain-db

MD5 896f279b392b249c3def20f5322b64ca
SHA1 b771690e8d6381409842550eb6757a0589801753
SHA256 957a309997a9d8ee76c7eef47a2af8d69d2c288968b94729c244ebde6d410110
SHA512 fdd71666d375f5c68589b9bb0def7414d1778eda2ef3ec392952fee1408553349fb0fcda44ea23928ef061f3d422fb60ba46cb55c40a3f79709da414dd8ef606

/Users/run/Library/Keychains/login.keychain-db

MD5 bc33b9ad0939d210e70c40b4ee9a4a75
SHA1 ed1dfe8a051687120db6e1557ba020fa736650db
SHA256 40daa1fbf5a9dc8425e6b091a39b328cfba7e98d5b99f89c3e713c13a9456560
SHA512 cc0318338bcbae14f803b617f059fcd42796a9ddefa8e991f01463a444ba2556c544a54f6cf6a6a0b7dee120d82247126af2bc4cb418411f23d7bbaddf3b5fb6

/Users/run/Library/Keychains/login.keychain-db

MD5 d24dacfde269362d44c5e58944604558
SHA1 701efdc5471a665df18a75ae7555f0764dc622ae
SHA256 1ee6ed79296644daba4d0ee32cbf89f447b5a8aa98a6b1310ebcbed767cc8b6f
SHA512 8d01a01c1f6182f5431298cd14258d465f7810d64495ae1dd6e49f3ff9db2344c4647c54ecdbb6a344553ab5e68f812a4f6ffa3268a3254fe16c5b8808d2beb6

/Users/run/Library/Keychains/login.keychain-db

MD5 bb9fbe139a4ee75fdc4dd80c5176323f
SHA1 05284e0cae79e183c2a8b8c608ba0bd842ddc86f
SHA256 08ec9eecbf4cd91465ad299ab996aa1364ad08701c9cc105f614bc5d6b7af7ef
SHA512 74345b8ab98a3c0ec8b4b6b15d2da0d27d0fdeb698af99ede15e884bc0b24ff90f0de283292d44f92171722f13797539748068d69a21e8bd2bcf6a23af91df5b

/Users/run/Library/Keychains/login.keychain-db

MD5 70fbc313ea6d3a7ee871e90b90df89ee
SHA1 afc522dc7c9a1019fbe599a5d1d54610927d5c31
SHA256 e862b8f6563e6ded9e1afd506ee96df3bfcfce6f2201f7ff4360871e2f8c9c2e
SHA512 13e10e1626d851b0c95d4c7a0d00996ab21d839401784869b5e0a10f88522e0abd05de53975112c3b7478dcca3308ef9a4e123489bd3a1dbf7542183ff4ae945

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/Users/run/Library/Keychains/login.keychain-db

MD5 45fed7a4df8eed06b782502c42a28847
SHA1 89b48205c7678c72a02aa3eecbdbd47557590690
SHA256 502eabce27cfad6517dbbefe19da31ebb94daa70eb2bb36d5bbae0b996e84c2d
SHA512 7a5e9f33432ca6a93059b6f457a0d13c573bf12daf7b58b87e6da23861df3dc3fdb8970ded9893a0d51a9b0f6b61ccb53f3d66f62363b0e0202bb9450005989e

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ECj2l8

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 17a2dc5826aeb539547f00f52eccccd5
SHA1 fd36ad6db84312792cffac0267f6329b21727d66
SHA256 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151
SHA512 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 ea517aa120c972c602673d331dfa35bc
SHA1 7ff539eec544cf306b80137bc182fb544e58aad5
SHA256 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da
SHA512 e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirrHy2XF/CRX_INSTALL/images/icon_128.png

MD5 30899b6c4e4a757b8ec6dd2208acdfb4
SHA1 f2c5880a724c6d75cce1b5191e0d82c3bc7de768
SHA256 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4
SHA512 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirrHy2XF/CRX_INSTALL/images/icon_16.png

MD5 344554d96e418120bd80ef5de5194697
SHA1 23e141c3a6ce368acc1c299f062ab85914bcb17e
SHA256 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
SHA512 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

MD5 6eebed29e6a6301e92a9b8b347807f5f
SHA1 65dfb69b650560551110b33dcba50b25e5b876de
SHA256 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
SHA512 fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/Unconfirmed 196525.crdownload

MD5 cdb8ff6ce79dac0f9abe5eb5309f1509
SHA1 783b4705fc1509eb947c1a12d89c3811243e3473
SHA256 bae92fdf1be7385d299b20da42368333d9b4dbb7708c1dc6cf4459906c84cf56
SHA512 34e0691f4707a8280c5abf174708d517280b7e1e417555012dd38ed57bb50b1c537867a9df74a78f453ebfe33d0866aad179a18c510d26f401c1670734f463b8

/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/b16ca49b-6406-4905-ae7c-171678c12468

MD5 5adf364735dcbe6bf26ebe3f705c9dbc
SHA1 a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46
SHA256 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340
SHA512 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/94d86132-1e79-4273-9e5e-558957307b11/model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.JjLstT/lmelglejhemejginpboagddgdfbepgmp_463_all_ZZ_j2yapcm2iwsjsw3vspibzp4cee.crx3

MD5 b2dafe25aea793b54de2becceb187c6d
SHA1 c161e609d50f79ac43b26bc3ac501c06ee1f98b7
SHA256 e063c32d4a54071d6da859af231054da97b092113b2ba9fa61ef88bc5714c71a
SHA512 9e0f302be1762e886cc3891933276269905dd539b706bfc4a77bf97251409d3c1496495936531ad6c37f4309fa5f7e68c93fe973ad5fa8b82a3b60eac7f88305

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ftTqzI/7_all_sslErrorAssistant.crx3

MD5 636c653ec2c30bb767533901a18669b2
SHA1 4b5a01cfea4c5deb62f3aafa01ef24265613b844
SHA256 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a
SHA512 a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.B6DrNM/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3

MD5 ba0c44cdcbb9f1a8b1b2cbed95346caa
SHA1 c9a5e9df64b46db7bf44b091da1c5553137bff55
SHA256 3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948
SHA512 61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.GrAFne/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

MD5 72326a22c279498851ae0331f64c001d
SHA1 ed2e9811491e6dcb047cdc5ff8c20f75091c1f99
SHA256 2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541
SHA512 c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.L7Rwol/hfnkpimlhhgieaddgfemjhofmfblmnib_9081_all_ozwc255xxmlhoqe7rpxe4gomvq.crx3

MD5 8974d6c082d50808d32282ec4807e4f1
SHA1 978d26e8adc657a34dc248b5f387790dccef0a6a
SHA256 c9b71dbd049ee9c282c30ea72c025277185fcbd36e1edbcc40486567a6a27256
SHA512 c0c60dfeb2e0792286e8a1f1f4d97cc9465f20f862ff860cacbf06302103a0a654b2286b92a4574093cfea401aab2f64cb5d3479945e55ae0da17762867becc5

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.73WCrS/efniojlnjndmcbiieegkicadnoecjjef_1062_all_adeocrbltt6ccaniukpklryf3ibq.crx3

MD5 58177ccd3bf9e82220c0d4677e677171
SHA1 d5d2a3cd1576b65db1984f196654252352b76223
SHA256 22da50bca40ebd9dcf90d85dbf17a7eedfde0229b0a64e30ee55fbd960a3e47d
SHA512 4ada72196a0aee1d67523008fb1c9a8726c17a79f6df6b721c449389090f679cd1e33545a478998268ff51a0d0096ce5073151523c76fa4b9c32ce728ed73851

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.A3bDEp/jflookgnkcckhobaglndicnbbgbonegd_3040_all_j6kvwuv5hzxeixor5sxkklnez4.crx3

MD5 74380408f0ea043c6c7b97ac9317a0a7
SHA1 f54af3671a592aa5948039563e358474e50886b4
SHA256 2615170554f3293586bc51fabc3cbf3d6058b396f1bb0252eb4bf9c25e6481c0
SHA512 7510500d90fc86956cfbcb1f5f207dd3ededf80ee04c2ab2f09838967d73872c51879b60edc35c7ecc8a53d49cf564e9c2fd51b263f04f846d149f3db941962c

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ZtbFwq/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

MD5 cb79d407a4d6d8526b42060b9210b5c2
SHA1 331e3d66e82e130042897faf86dcbd05d7b227f1
SHA256 e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165
SHA512 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Kxmqcq/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3

MD5 667e9eec04509aa9e2b318f580addd8c
SHA1 346267ecad10c54de52a3aeb766ea72449500326
SHA256 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f
SHA512 a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.0o19z4/eeigpngbgcognadeebkilcpcaedhellh_2024.07.12.235938_all_a6r64uyugl6fjh3lupjqo6w7ai.crx3

MD5 5e35055aa7583eb7c42b10833763abab
SHA1 a8285a121e4cceb3cfb6b53827bd1cd3682af862
SHA256 8814cb6cab024b119ab991ad7acd74f4df7bc68bbf86c0903c8be9852a5baa55
SHA512 79006925696ac264d2801fd41fe632e5c2c9261a285d4e7a4368782f682cfadc6cac2b83835904a28c4734544b2b4230d720f81b7a2ee4c4782562a53858d952

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.6R6Fbx/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3

MD5 49ead9b7d2b2ec477daba795de846db0
SHA1 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc
SHA256 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a
SHA512 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.FJEV7N/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

MD5 2db7e78c310ca8e73c069a604eac4d99
SHA1 a6d1e03514f8eba03ab81f1380fc54aaded823b6
SHA256 cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
SHA512 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data

MD5 c5e30274fe7b93847f6d7c02410d1209
SHA1 488a49f38459f29e110c706c51b61ca1ae3b0e26
SHA256 e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea
SHA512 bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.G3cqrG/obedbbhbpmojnkanicioggnmelmoomoc_20240823.667410168.14_all_ENGB500000_bjx5pfk22zvlrg74ds2zbjubhi.crx3

MD5 fc8c03bc80a915b437a42a43903fc760
SHA1 a4be247fb11ef9d7ec5a52514cfe3f729fb16b4e
SHA256 146b6a960bcc2c889ba06b8fcca482c04e53e66db6913d32d482aacc1016811f
SHA512 53facf49e100ba0a423f93e81b600a68aa54af1280edb8e39bb785bc0c418f3b5ca6f8a8b313bcf652687b490ed71ef0dbb07c4794b22613aca68b2a4556d606

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Dx9eFb/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3

MD5 a40c655b337e082c76b6ab04042b7ae0
SHA1 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8
SHA256 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff
SHA512 fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ggKpEs/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3

MD5 0fa505d26fd906c645e60aa05f12af36
SHA1 ecb1def63dba6d475dcd61c4d3a6938855e6f24a
SHA256 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2
SHA512 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00

/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite

MD5 a9803d560544e4d1fe551b2c113c5370
SHA1 a998fdb1e80dbca61267db112812a7ee34b82dce
SHA256 d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72
SHA512 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.kwP8qm/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3

MD5 91e1255f92fc76b16509bbd174a992b5
SHA1 44cbc6b7b60470149850d375f2e2ae95cf1c012b
SHA256 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744
SHA512 ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ItWSCx/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3

MD5 91a8d56c19e60520cf00b78a506b87f0
SHA1 a794be44a680983ac0f87b1faedf064a65016623
SHA256 b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29
SHA512 efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.EYj4jx/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.08.10.00_all_ngbcdbf23y5deox6qfrqcyni5e.crx3

MD5 b22ee22c7bdc09a81df6804e2843ca2d
SHA1 e8b4df8defd371e9af3e053681c7c54cabd29544
SHA256 dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4
SHA512 cfd33ea1156241d56157d5381c48be65e80290ac5bcb541c0aae0ebb3e8010bd6eba8f74c77a37a17acf9b5a1c2c0090b61b146385689344c34de4ff7c0c704f

Analysis: behavioral5

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

android-x64-20240624-en

Max time kernel

129s

Max time network

142s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
GB 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.40:443 ssl.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 173.222.211.16:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
GB 173.222.211.16:443 css.rbxcdn.com tcp
US 1.1.1.1:53 static.rbxcdn.com udp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 173.222.211.18:443 static.rbxcdn.com tcp
GB 173.222.211.18:443 static.rbxcdn.com tcp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 92.123.140.17:443 tr.rbxcdn.com tcp
GB 216.137.44.24:443 images.rbxcdn.com tcp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
GB 173.222.211.16:443 static.rbxcdn.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
BE 108.177.15.94:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.204.78:443 clients1.google.com tcp
US 1.1.1.1:53 mia4-128-116-45-3.roblox.com udp
US 1.1.1.1:53 bom1-128-116-104-4.roblox.com udp
US 1.1.1.1:53 aws-eu-central-1c-lms.rbx.com udp
US 128.116.45.3:443 mia4-128-116-45-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
US 1.1.1.1:53 ord2-128-116-101-3.roblox.com udp
US 1.1.1.1:53 aws-us-west-2b-lms.rbx.com udp
DE 52.58.187.82:443 aws-eu-central-1c-lms.rbx.com tcp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
US 1.1.1.1:53 aws-us-west-2c-lms.rbx.com udp
US 1.1.1.1:53 aws-eu-west-2c-lms.rbx.com udp
US 1.1.1.1:53 c0ak.rbxcdn.com udp
US 1.1.1.1:53 nrt1-128-116-120-3.roblox.com udp
US 128.116.101.3:443 ord2-128-116-101-3.roblox.com tcp
US 52.33.128.7:443 aws-us-west-2b-lms.rbx.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 52.38.237.189:443 aws-us-west-2c-lms.rbx.com tcp
GB 104.86.110.186:443 c0ak.rbxcdn.com tcp
GB 35.177.44.219:443 aws-eu-west-2c-lms.rbx.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
IN 128.116.104.4:443 bom1-128-116-104-4.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.1:443 ep2.adtrafficquality.google tcp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.201.97:443 tpc.googlesyndication.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.178.10:443 tcp

Files

files/dom-0.html

MD5 6e8ca7377f36c92eb4a318c086987315
SHA1 609cff8bbf43dd2bc3a48c22bdd90185efa4fea0
SHA256 2bbe8b6aa2728db6b846fb2353f30c802a861acd830ad1ecac1b6a31b95736b3
SHA512 af9a36e1f0852de4435d6642af33f761871eed2e584d90c0777c2d761d59a8ec24f19702c2d2fe77b9890dae6a3b60b0c4766b083d68b87cda951cb0660f0d0f

Analysis: behavioral6

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

android-x64-arm64-20240624-en

Max time kernel

135s

Max time network

149s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 www.roblox.com.bi udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 www.roblox.com.bi udp
BE 142.250.110.84:443 accounts.google.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
GB 173.222.211.40:443 css.rbxcdn.com tcp
US 1.1.1.1:53 static.rbxcdn.com udp
GB 173.222.211.18:443 static.rbxcdn.com tcp
GB 173.222.211.18:443 static.rbxcdn.com tcp
US 1.1.1.1:53 js.rbxcdn.com udp
US 1.1.1.1:53 roblox-api.arkoselabs.com udp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 2.19.117.32:443 js.rbxcdn.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 roblox.com udp
US 1.1.1.1:53 tr.rbxcdn.com udp
US 1.1.1.1:53 images.rbxcdn.com udp
GB 173.222.211.40:443 css.rbxcdn.com tcp
NL 128.116.21.3:443 roblox.com tcp
GB 2.18.66.17:443 tr.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
GB 216.137.44.44:443 images.rbxcdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 1.1.1.1:53 clients1.google.com udp
GB 216.58.201.110:443 clients1.google.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 ecsv2.roblox.com udp
GB 128.116.119.4:443 ecsv2.roblox.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.178.3:443 update.googleapis.com tcp
US 1.1.1.1:53 mia2-128-116-127-3.roblox.com udp
US 1.1.1.1:53 c0cfly.rbxcdn.com udp
US 1.1.1.1:53 iad4-128-116-102-3.roblox.com udp
US 1.1.1.1:53 silver.roblox.com udp
US 1.1.1.1:53 atl1-128-116-99-3.roblox.com udp
US 1.1.1.1:53 aws-eu-central-1a-lms.rbx.com udp
US 1.1.1.1:53 sin2-128-116-97-3.roblox.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 1.1.1.1:53 pulsar.roblox.com udp
US 205.234.175.102:443 c0cfly.rbxcdn.com tcp
US 1.1.1.1:53 c0.rbxcdn.com udp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 1.1.1.1:53 fra4-128-116-44-3.roblox.com udp
GB 128.116.119.3:443 silver.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
DE 54.93.128.66:443 aws-eu-central-1a-lms.rbx.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
DE 128.116.123.3:443 pulsar.roblox.com tcp
US 205.234.175.102:443 c0.rbxcdn.com tcp
DE 128.116.44.3:443 fra4-128-116-44-3.roblox.com tcp
SG 128.116.97.3:443 sin2-128-116-97-3.roblox.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.178.2:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.178.1:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.179.225:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 redirector.gvt1.com udp
BE 74.125.206.102:443 redirector.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrnse.gvt1.com udp
GB 74.125.168.200:443 r3---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.200:443 r3---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r4---sn-aigzrn7z.gvt1.com udp
GB 173.194.135.105:443 r4---sn-aigzrn7z.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnsl.gvt1.com udp
GB 74.125.168.234:443 r5---sn-aigzrnsl.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.202:443 r5---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnss.gvt1.com udp
GB 74.125.175.10:443 r5---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnse.gvt1.com udp
GB 74.125.168.198:443 r1---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnss.gvt1.com udp
GB 74.125.175.6:443 r1---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r2---sn-aigzrn7d.gvt1.com udp
GB 173.194.138.199:443 r2---sn-aigzrn7d.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7e.gvt1.com udp
GB 173.194.5.42:443 r5---sn-aigzrn7e.gvt1.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 1.1.1.1:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp

Files

files/dom-0.html

MD5 2b2a22b0fb1411557ffac6f3e03935f9
SHA1 d9cb5d65b9a404663a83a34e255f6de5c1a6e28c
SHA256 721a1cb55842589132031d45d0a11bf95d88263a4366582da17b6d8bb13c1ce7
SHA512 dd4c3e04556a053287f783cf7509673379de96ae21bd8597336bbc52834a5dbe5e8c3e14562fa3aad9c462706ff99d1ef36b9891d3e48e0b2f29b07fe0fdb5c5

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

win7-20240704-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431446749" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F856B241-6931-11EF-84B3-46A49AEEEEC8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606bebd03efdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000aa1a539d195d92aa6ef33e93207f54451cde1375452719771048384ff9ee6014000000000e8000000002000020000000486ac5d84b8a8a29f1ba20b9977126c7deaf10a0db46a101c3824568a0ff239e20000000b23b33ea3e14db81b75b1fb31a227e9655c7932db4c6a438691a0c94849e9567400000001e499493ab56606514da011ccf2af0b3a54eaa2adeb3c04571d6d0e5f6b7c93fbc2d86c5f048742e706d4f0a8e5c6ff3aa5cb03fd247a8f3184c99f3f63f659e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "82" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "138" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000002dd88bad8f32436b0028ac7365c0dd750ec76a996961876936b25e7b07480e36000000000e8000000002000020000000374aa82a3c722c73d16cace4e04d2e2784a1c935b6602779947fb2949219ebab9000000052d0b13577f67f320d4e47342ae48c7eb1ed4fd36d9cbd6a562c12b4ff14d733a41c57033feaf5eada066b85314da67bc18cddce883a15ca6a90078e775af9a4b3f92bc0a41b775a6bd1ab008a86596f14df8fb38a4adaf135a0aea6d990853c70d3505d1fb124db3e741192f780853c75d75439657ba3d9edd20c4cb84be810dc1d6d937d13ca1a7b6465fd28f65a7c40000000f16846a23931f3297254bb68557bc7f21d751956160135b85a91602375e927e8b6ac181c9c201e6f71dd667aa3eb3bb8865457d4e8047f0f00198143997445b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.73:80 r11.o.lencr.org tcp
GB 2.18.190.73:80 r11.o.lencr.org tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
DE 128.116.123.4:443 roblox.com tcp
DE 128.116.123.4:443 roblox.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
GB 18.245.253.89:443 js.rbxcdn.com tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
GB 142.250.179.232:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
GB 172.217.169.2:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.18.190.71:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8B03.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar8B06.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffc0cf1ae5067f4a5ef1711fcf8cf5c4
SHA1 a90000d6bfe2a5f58d63daf83241d28f92ba733f
SHA256 8745f8fde886fa405e9d7e7fdd13086a50727ba1ae545ee45733c03026eb1389
SHA512 2dd8b09466a660f297f4b3c2c0201261a0c064e487dc974edb1099ec495220d2c90db659d0e34740997152e824bb9ad3812151d686dfee9600efd4c2d15be0bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 271181ca432321ecfbc24aafae5bd830
SHA1 4b1dff27f75ab356cfd42c76429d5811a1ce8429
SHA256 ea75dc9e49a29f300e9cf46a6e7eca384dde59efec4271602c690363149f3e2c
SHA512 9b2ffd3d7d991461868cb98f9872b05db89b945be2211e77539d287c81a350304318bbf4c53cfd01e01d99f6c9d3bb0722108d18e16cf19753d897b90f17d9bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 263f9f8c189956897d9edda6b7218d0c
SHA1 c81b1a8dac477a8df4af75ec1583d30e64fb3761
SHA256 f50521af8da3382445131ca029dfb0de49015f541ba38860f86ba5e4cc55fe53
SHA512 2bfd26b4d92472ca82db0530f4150f3af5379075c0c362f01508f472e1f6d8ab4d1eb9c5a9580635be7496d9372889328c32dfadeb2eeb0d340b8cb519fa65a9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82ef939e02debb49ed2a380db9ca54f5
SHA1 973f798847f2b48e7c61ba895a855bbe2ec57c90
SHA256 aea77c4aa252cff46bc355fe93ae7fbd2fc9dc7a51e087365b1044e84635161b
SHA512 b25fa00730354c06375efb6d19a21da3249e4c654a75509cbbbd6590f625612d3388e0dce171460f58ce868c9412987eced3f6d99008a84dc7a513bfe398f4c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 75470f1e3543ad2cbb3f7b29d5945278
SHA1 27bc9b792c229cbd9e92794ef7286be73731a7fa
SHA256 baa080a89850729d0e2aebdfaf94c435f417f902775ebf262bef631168299d2e
SHA512 4eda8ac53808f59659a4664104985eae270059cd19fa899433945bf69ea599679019e74c4a74f6e9eb3fc6301dd8bd4cfb3fdc0cf0fdf9dbdf7035449b104530

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbc7dd3fc42f3cfbc34f8bd07faf9358
SHA1 9a874e608497f99988068b6121dda331bd733c14
SHA256 097a78e66031cf7a2e043f7e43394f90f4e82deb73ff7f90ad1843ba20b2d69a
SHA512 e114477b26db9f6f49a796be542ebdd9477e40f7ccbaa5b13d5b12a984277165c6f3f23b2737be72be93e0256912398f19b20eaa5f6c6dae4055f712a5886789

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

MD5 ff4efacbb4844b4a52fb5db654bb0681
SHA1 264adfa4933b5e1fb27acd242922493a77f1988d
SHA256 4deeb5da4a94fbea518193442648849cb85672cb30a4dec3d05c33ccf4e486cc
SHA512 326ffe36c0a974f7df7f820777fa368d508b26b70df473a557f1a7adb049b68f14b9c2b56a362752ba70451cb103b84c50900aa15e4f031b32da3ba9b7f6a2d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fe5f94e7c27524d01d151e952747a1e
SHA1 c99a6e87913e621472e102c5f21aba77202cb492
SHA256 50b421bde256e6255ab9c40f6fcadd5667bf2a50c376fa4d8654856d9bddb059
SHA512 f3dfda25d1b447dc0b625bd60f61b37cc5f9626d7e19435b5bae80e281dfbbc0e21a824ecbbbe57ed63d565b7dd41747051c32bd003141aafddbb65582ecf766

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 888ad050495c06a8d7525a302354ac0f
SHA1 5b96c0db78c51c54470fb1732e8f52211479e557
SHA256 7ec5cf86a31524d71d75441e3f1b0730b00ecc0ab3c49670db24ff9363133768
SHA512 4c7315ffd572af847e18fbae2727a0afcb0ff4e7b7c801b588f1fff1f3a2995264c808a6ecf06495ea5049fd63742196d6784bacabfaafbb74944a8a800db40d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e331673ad5b8cd506fbc18359b48cac7
SHA1 9db791a1456208146f6d1b69b9e45438b3900e2e
SHA256 d55eaa39a39a3502315a63fdc7f786f1584e1f2bea4cc9409cde77cc8034082e
SHA512 e58005a93382afd20b8fcbb71eb72e73f935b441f2b086adb144a42293548bf7bfc997d18e73ef3b5e06e02d479e26b473ceaa1c03bfa728643987d2e4a9cd46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92a197c1a90df2659c08fa2b8a5f468f
SHA1 ae7cd611197335337256a6b283f43ad2098a34b9
SHA256 3261675e9263e115fce8de9ddce8e8607aa8e3b0501052d6ec0aa931423e9165
SHA512 15eadd0f57bf0d55b83a452b0e8cfd741ace6440ed37ea817bbabeab3c6a4159d6a59d3ac8b56a9c13906a774ba049b573bd158fc0426aee97cc74637725c7c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47f9df77c4459bd61680cbb008b5ee0d
SHA1 e9e442e77bcf6bba29300e17913650c879ef7b11
SHA256 78a761308ede8b8964e0c24aaee49e82d050e661fb1f96cd0e1faa62e1493237
SHA512 7b4414c2b6093a7564d7996d57483df8930adc1554be18afcbe4cd9d3dc9b538269de41e3c78cce5af63c17a043102aa21a0cb5aecef0a8c9f10546ba72686f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23fd25633f5da096fb0e8239833b4296
SHA1 650e0cf6a39529c6c8bd4d69605a1bec9a93795a
SHA256 809b38132d4bf689ac5c765245e9d797e025e4cc8bad66578ef13904409d204b
SHA512 7e8335b7acbdbc2814ed3df9f025c7749abeecccdd50fab7a8d67fbe6f946ead077c253f2e37129d5dad7bad244d955e21046557ca02bab6489c8fe3379ba40b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a07adfde1d679c14edb985aa68e9b698
SHA1 8145e2f11705a95224b4f3b1494f5926aff85295
SHA256 f6758a67db9a9796595800b2df6de29e50d014a484230cdec27d625d38df13f7
SHA512 27ed7660e55c64baf681a78ef17a0b1d58915c5e0600169948cb37c6f9f6eefd3107e8f0e999f0d7301ab090f47f11ca6ed8067c5e4c16cb967e50d12d357cbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 656603d8475f6e7d9b40d36bde1caabe
SHA1 dee505308fb63e1286b5fbc97cb4c66aeaee8674
SHA256 b5055c1e5ee809a80828a7a8dd7449a6946a54f919929330e2c73c6c6c1552ba
SHA512 d380f24685af35aca03c4babe3bf5e866d2a2c9d29ee471851249a0c002b00660d219b5f9f8134d2790939ce7d9cf4b81f4d7a251bab16e7a2538cbed5b549e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb144608c1b44f54f92815a19c1dfbdd
SHA1 c128c9481078fc9152d8c0d39e877f7e77ecfd25
SHA256 14ed30b574a033cecb02188cd8a233c03bab02853b8be2dc433bcc4575f5a40e
SHA512 055a7cea1eaa9ea4e9b1c3f273f4e1802d50a06f284eca211f03a229c6fca286706708d3ff0f57242229d56f2a8ade499c37c67072d733dcd263d7c64288f3b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 5136c0da506ea611c3629be2b948ac1d
SHA1 cb7d7e39ff124b8196c24c4ec74220eb22ade0dc
SHA256 8e14d92b2be793376ab22ed36cf243e33cde142d3eb05cd3acc1e7c787a021ed
SHA512 09cacf7c9f89e3f705135c1ba7ff964a28875cd2b70506d0220924bb4e301ab50af9a40aa609c1c917fb036c8cfc861ebb7cfcbeade57f44d5c0c89f0666c86e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

MD5 d1e40879d31f5b33a774478c9c536d1d
SHA1 ed0fe945a1540c104bf0ead2b9d9a5a8f417bea5
SHA256 6e4a61a00a6675f60dcf65e4545b845ff7e008cc5bcce4470004c82ff62aaf5f
SHA512 465b204280650ca749ef238a022e84382be2768d955877a45817c1eef7921decec428ad189452ba1f564c15469f82b054376c825d808f2553d129f75e9be80c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 026482606ccb80ae0faa6e3068bd5c96
SHA1 dc839d3331c5484cf29741cef067a372ee8e1138
SHA256 39fd43d138ab5756df954b1e29ff46aed257a9db250363b22d67c102bdce3a37
SHA512 52c8e045831503a7f71f826a9b541ea98baeb88da39170cafa45f86be1cc516cd5eb99b9943853fb4f7dbeb38f6b6dc66b5b0f2f131b604db05829cab3bba64b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 bd509225e11a5f051c957d36e1601edd
SHA1 96c7a33c4b41d05b4996bfee8352e9c4490eaee4
SHA256 45c4c50112ed7a7f6a4088ceeb2f783b1815cb6673017443fe586d35e4163ea2
SHA512 53902aa8b4996656f5390270086898c03902fa334fedf5a3871129522366d7322496fd9fa4fe869aebab20624136461b1fdd518c7f4dc99bfd6725a3f29d260c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 bb7ac286313b1d448a66193bdee3f634
SHA1 1d9b6534a4c9b160fd680ccaae0edd2acaec07ab
SHA256 a7b59eccb012e502514c91bae21d500f73216ca3630187409c061768e30b61a3
SHA512 a7b2c69af9449d3ff5ead0587403eaba1e8de7ae8b5a30890c8926ecb9d2936794e28019545a74a5158e4d9f6c064702727be49c93949f7e341b34b5e1a353f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

MD5 30c78c2533351e7712d12d7b9eccd5f4
SHA1 b94e079bca180322e275a9cb1bc1e0cb147ba5e9
SHA256 8ad76eb6c04691d7342040689e6a5848cb9bd0e410d60402009de7faf66e8d8b
SHA512 018f420820d9b13757d94d955c435d5ce810eddd0d23c5b84ad4244028a0586a3f819e6fac92b293f1eb8c15517cd6f139a71cec8af7f9ab023225966d1916b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 f2649cd4f568223d0fd598d66d8c7e2a
SHA1 50d71dc65285445e97a8bab6789b3f426cfbd83c
SHA256 2fdc0245595fbe3d901fabe5c66978e2a298a2b594632db8856a4e2caf578001
SHA512 591483c0d4f4f1ae7437982368115b024aab463e8fb514e5b8614891a9bacc616d883f92829cf0953902838e2ad412d4fdf1049240c0338bb62dc3056c7305a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517

MD5 02b3651c2c0790de48a95869810ecdcb
SHA1 60ad8b30ac20cfb3a50fd853ddd5d1666eddf93b
SHA256 f561776cc6fad4b95b7aa83a6242b50a209da59e5459582987e72bbd86b61e5f
SHA512 da1905b7f4278d00c6560f9de4388e05b9576acc471b39f320cf9c9cd05e6174a53006de820e22ae52eb05dc20d44f94c2dbd224900838795ae2f2df3492bd14

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\api[1].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 452890cb80afe5aa23320c2742e6bbb2
SHA1 0dbca9d4d46ff623600196d7b4f8a8470ac9f4f2
SHA256 5f6b2101c8871a2d22af1a97be5faff4988eedd8d68bc81c8f1e843279bfcc3f
SHA512 e622c1fe552c03b583e5888f45d0abe292810111f947f7d9f12d95683b8d3cfad834ba2eeaa3b541fe4f3520ba33b3ee9ae1b153029c40d580057fc696074ced

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 c822ddeceba16d221458adf65d4281f4
SHA1 ca6c120a26eae43f6a736b0ec6e9041e91efa826
SHA256 31be2495563b4523370a349323e980af43af6be3acef4cee510fa89491b89db3
SHA512 cd08d849d3683b93f9927ab80c912cd944fb37ed9588ab8a5da0bfe4e817c3b88a290969d2912d4486bb6706adba6e383d6e92ec19a4bfcb410eba416378dc68

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\js[1].js

MD5 7b3c13e42eadc8a95dd6b37792578c7b
SHA1 4fc15d17e2ff0a6002154bd4b0198e0867935086
SHA256 2493cf77f32fd2ab7f3e8d2ea9f32762374326addb90df70b8133ffecc694280
SHA512 7f51c306dca4154783a34d9eaa7cb0f99efa175033b58e762552f3f5762007ebed87223c41432fce39a2e4ce7901c12e4d55d6fd896154a806bd41b60776e336

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 98c729f75fc857b6a7890317c091137e
SHA1 2ae2abaa1c3490e459df56d1abb5b50f8a5e7c9c
SHA256 65419d555c2c4dc33477d27b6ec002174369f7619c28c49882df4e7948b04d37
SHA512 a4d3352fc0adf557ba5e76e4aba27990af3e938812e88994a65460e3514b8595119c20417757dea4fd8a0dba444aa6d9f1b7c753697af393887f61ed6a204fb4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 90165d8740498f6bf761dc711dc1ce58
SHA1 4503b435be9cbf5abe258d55fc9955db119be061
SHA256 b8351f31d64d1e9eb36376d3553d866fea8a392e42a1947cc2fe47fa4855eec3
SHA512 9a9c7787fa875205d158385ed9636b04a77df38dbe47c91ce92e3645fc883f7d4575fb907e1b4225fde471e5a61d24b53487fe62898289c4bae4fe98de1be92b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 c09dc73c2c9fa159a56c958635adab5b
SHA1 fd8c0dccc8db2378b1c2601e4d72af0f5694e58d
SHA256 0c6de0c506f15e9a689cc14fc0553412bff618f30d8fb9594812fa71d658764b
SHA512 bfb4ccd609f8f08626e78d8549a838854a2be019426837f72c33c85cd2718ae37c5c21f285ac0bd0a98216a31fb2835538f78d7d4eec2f0ec0c5d314b5a954a8

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 d908f1479a403037785f639a8a10adf4
SHA1 2179679f81fff2db62a6cdef1bc879e8667869d0
SHA256 cc1356022009ff2b3903bc4836c762a50e77a41138838eaea1c6cfa8d2ca6ae6
SHA512 5ff9b144fdb9068b49ed1436c143195cff87e839cf6064565e81bda243b2867d770aa9f1968d537ab47342ae640336f54a9d5a94fd42cdb5c05acbccc916f5be

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 27723b7a15cd3a940218110495f8ffe5
SHA1 50477fbdd10cddb009402ebf4462d2b44b34cb4c
SHA256 3b0eeb2367cf5657a4a0682ba12c937855089876a86fffe0e4696546dbb95a5f
SHA512 167d72fba4bee593edf94497dc574a92a09c9e8cce7a2177efb643929952c65aa1bda933d3c6be19b3557ac6d82ac32dfed0c3cd983e4f71b296b33cd839926d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 502dfc4ed3256b00369a3f3190c444f0
SHA1 1c6fb49e1690576c67bf6cb958f18c78289bb79d
SHA256 a4c2376aae8f83e4e7b027a7752b0f20fb0f623d2c3230655ceb02185bdc4e2b
SHA512 09f44702821515f28fa0853e8a300f197e56231990160308e8afcbd595ad54c50ed47de3c7bdf9e35105d0a20165b0bde542e29d0f6b01877943f1d5b023cd1f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 7ff00fc38160a9c37afc8c825e32b8f6
SHA1 661ed7076d557b0a1c7a61b4a2adc72e29e6f047
SHA256 8331f6364c48e3ceb95d2eebe6b8c2ac0a71b5a49c4b76cf0a4ba2b3d2eba89a
SHA512 d6ec39ee894c2f82051e9643a5a2356dca60b54c4ca1ba70d67e2008c12f92fac406129485bbfe1ff0bef6a4ca079065cf54989e83686abdac627a27598cacf7

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\1L81QOOZ\www.roblox.com[1].xml

MD5 27178f0d6d00ad0abbe4d666e39e73f1
SHA1 e8413806bc7f1b5f03da980e3b19f34ea436e1c8
SHA256 43b00f87c0b103df0806ceabe31c3b8c12a66f6df881671f6907893625bc817e
SHA512 c72bfd2eb9788221aade45583bc9a0981e598aa943f8ac083e5d06b6275ec1d848d23f4b3bd977f788b9818f8fecc1331fa3834ca41d8e758d22b60ebd37e2b2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5f5nsah\imagestore.dat

MD5 4a9543f125bfcdc2be5180b4775500e1
SHA1 7b8f9519a8ffd32b9485f7f4089b26ac49bce638
SHA256 7d440d5fb2aff90737f63bbb779a41e670acfef2f2d2052b697860e8532098bf
SHA512 82cdc8ee6a267aeb70ca410e4bec9cb9e3cc73e406708f796dd71dc24a34f29e3d080041f79123afef8a3552d52ec0bfb694c328c49288a96b25fb067f7f0b62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14fd5924bccd9bfe039c0ca16a2e9a89
SHA1 e2aa0eb3c3b0199fb50e37a623ceb62ca88e4759
SHA256 24b08da33e4cd6b7de3974946d065bc3949fb45565a2a80c2d477b49a54ce6f2
SHA512 0d279c2103aaa79886c656e41c0e4cc70001ce74f17bb19dd197432e8a64a9b172f870149fe32ec774f004fa21cab6fdb78d737d850f930bb7672c6a7c4705e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fa9853b837df3cc2df9e3d73979f5f1
SHA1 fb87befcf7f539a58f88669a98e02b15eedceb6c
SHA256 6e272d78a9a983ed38b3487f6d8d3a8814d5ebc2e807d8287560f1aa2586e982
SHA512 d1ab7ebb03dc3e6286fd6dd4315088728fcea218e653b9b3c93c4ac32cfc96bd57215e386c18def7db8435c493cfd5b406ded0591edc6bd05bb13f574312df69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a97fe6ed4b3f09fd86cfd17cb6c99f9e
SHA1 a230841cfc456fa858eafa37f9ef8d25c01d2e40
SHA256 87ce83b88b7de98b5aff9693fe9e5ba7a66fc72dc45af1e86ce90eee8a584740
SHA512 00404cfa132d1b227bbdcb40be0ee86832d075740ab257f8e4ae1a5e154402dc9748b37b833f00c05e62ec3740d2b40164165a710d28b4aa46168d07a17c435c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3ba8ffb0feb0bbac5375c5989a45ce6
SHA1 17e895b0f203a49211876c7f0bb5a7c060698516
SHA256 d09c722019dc5070bb89726e4df51873786d43c4f2e411b0a9f1d0d17945707c
SHA512 fbf3ffcccc824c9015a7054229326648f7e82c1fff60bf1d81fa974c03ac66f6666c787360d98b0ca48f9935dc0279463c894b50a44c40887f1837fa91918928

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3937db1daab922bb36a2f817f6127496
SHA1 6c8416b05149616c89fafdb72005e610a1f0951f
SHA256 7b364b8e5c07a7a4a39380d81aacfcfff0927eb56ddaa493561202e733abb34b
SHA512 161b1e76454191b839dbad457bc75aa4802a0668a0821ebaa7911cb797107629c6749ee58b5ba0d56e17117126b4c3bd74a435d7da2071fae628b30225d75551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa3e74386e5221883dac3263522e70bb
SHA1 677850228d6f8db6d4b286cff89dc705db30b169
SHA256 a9e4fb598d781afa9e8281f6a6d2d8a430a00fd786fd99a2c794b7a1add04e49
SHA512 b4011e096a30c3a66eccee014a18ba61b9eeb2ef604fa4e2e87c3f678a2b493418d5a0d35060d756cb415a0c1fd39cfcb7b05852a2f92402842e458b8723df31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bbdec321ea77fd748ba4c243bafc3b8
SHA1 2fb268b838fe5e7fa139bf4013f58b1fe25fb3b0
SHA256 60f689b0c86ecdc90599ccc34d50f60b7f83ba417d37fffd43d3d556c9a9cc9a
SHA512 c23366819056d456fd8addb369f2d1373484b17a491db68f44ec9a42a5d1cfd7b9a6b11a1d6bd302b94fa078e6448d46cbdcee19f1c1eff989d90af3d76d2d59

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 140c6b2a418ef9c8d1fa8cdf1ab10319
SHA1 a95e79721e3f7b42d3023fb0cd64be81996e7833
SHA256 8268c96de75d146fcbce79c99f58b4532adac85fba1771060d42c9a40a5e6b6c
SHA512 847d6c049cd4dd340f6e8f56b20c903ab8d2c3fd5aee93b97b1624a1987af11a5441537cf8d4b289637518901013744f7b8dbe9abb310b58ab148afd9febd2b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 898a71b8e7162c6ac00b26d25f826a99
SHA1 9eb991c12f7c55c08861e0af75e31df8aec5f219
SHA256 c18fa7de220af5cd55a81e59c41ebc6e39de9bfabfb7dfed3a8d7666298a6b30
SHA512 f79916e6e7a313ca28ad52a7e91584c89259e62d2e16652d470d2400880375277277066bcca8098c7aeb627244f42d505ba950ed33d19956483f56aecc4b79b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce26281629c317d525f2ac4a581a5f00
SHA1 807f2550750f7eabb5cdd2fbdaab45590c4a3424
SHA256 d00203a6b29cc802402a72429066ce2d4659e5b8155e2ff7f2cc0c81b799ffa0
SHA512 a9ac341845b1db6e3a723d682130386067cb708620e95d8b71077a45bbd66103ab1fc8f8741f61bcce50bbc72348d67769116b2987068b7c507d59bc1a1dbba6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f87ba7cfc217496dfbedebeba4fd2dca
SHA1 e7e023cbc7bbb17ef6549cf093a57b575e417ed7
SHA256 9c6cb09fa37ce6a1e85384fecb59a547b345351bb43e0c10c1c116822e72f67d
SHA512 e5af924b2110a8b5c2c356be45d5f062b2a7993eef15d537cb58caaad3bc4f346e89ecb7d1f9a1ebe745f4c71c512555cdef8e1f81a415639750714290370484

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 fc6d57f48ba2738b3a9ba8c214163c66
SHA1 16e56ba174b780c092eb960ec01da5607e4d9f49
SHA256 231861f02686a510323774a9e83a44251db9953294f63e2f5c2dd923aa171b96
SHA512 9c144ffb1a3000c3162e37026d4e8830083a95f89e41cc0d9a18cda9d8b0fae259bbb2b738c59b6156f3c8e41b6e3dbe158d20218b17bf5ad32000c16901d9b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6b3a1fb22bcecdd59a7f983ff453975
SHA1 974f35bdd9804e2bbf270d2425b0208d6a457b75
SHA256 5aa479df8b22b213f2af1f2a35f04109b26adac65b9191fe6ec6deed3ce656a9
SHA512 85ca4aef5cfbda40f22c89cbd1c64f4de1b7e0cf9469c7c92ef505a15759b3f2af3ec744f0f2e6f9388e201b7d9536b29702be3d25c8a37aafbdd43de529b09e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae94c5c4045e8a8c82c945794fb3242e
SHA1 62f7a7f74e854b71d2bbca46c25b5a8b22a8d612
SHA256 8b530ab0d211a66446e8ffb54b9318a044059dbc4364941e81c44d7a0f2f4bb2
SHA512 bb5a17d83201a3c5148f577087962c009a631ea1c4f1b3da01d126977fde605f5eb6ecd39d680eeb12337912ef04704ddf7c58e7e8c69a2f7c294b042552812f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0392696b4ac41ec48ad01e9c7f762d4
SHA1 cccfddc51da26b09d4e71932a1faa5ec1410c38f
SHA256 82a8abfec5b0e06f11847b1945114612a61cf36e6fa281a46a0df1d55da45390
SHA512 ad1f3f080f13ae96e8578f06cddc189dc61d1235d0761628841cd78301aa8ca65cfb884beaa9e1d5d907cff85d74cb441b4723480f2006b2ff0ed7fa86d2b68a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89869fb199f6e4bbc9db4dcfb9f77e83
SHA1 8a942f5fb0371fee91bd9e6008c5b3a23599f977
SHA256 2bb6e93e51a5e4f1807046428f5055c903b185a91b17b2f7b30b27bf8d0b64fa
SHA512 ff047bdf5c7840b0dbc7853367bf63ea0fdfe3554c7b4a0ab6f6d672aa6278b5437c2af458a5672d8fbd427a5d25321db461ba3e574247e4e56dae1a5f074ddc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3954a639660f29692da7659efb54023d
SHA1 7014e4695a2cf9037f16e06fd5e4efb635227a10
SHA256 95bdcb35732292b4d59c727a7f9301ea684c9a337ec026cafa35f02f7125bb2e
SHA512 9476ca5985bddc0a03f26f56cd255d918148133d86ba49057400a73f462aac7908d6ca88c298a9b04fdf95d371baa4ed68ad9c2bf3818f954f85da8f0e34d174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c845fd4120e082fdb012da58afe3cbeb
SHA1 2f27cad07ff49c0eccc4730a9ce036d6efbbb1e5
SHA256 dd23f342d17a14805493cc49b3ea3cdd7cb7bc89ef06790ef4849728f394599a
SHA512 60c7c3444764f8bc90d275705ef5c44c49f3d6a005c246c2fc32deca05ba98f30a45219e9e1f195fd2f500a4c1c971e8183b2e380ce6b64d478c04d47c81c78c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d2733ba1c0c35ec0fc6ddafa42ad874
SHA1 8f7d78787be37c2eb342cd1347a600cc2cf6d9f7
SHA256 aba7dab473d5a0fc8a2f865c1cdf9bb16fa8110b6d5eea9611f3110566efcf7a
SHA512 7bcfecc7047c4907aa3c48f528de060d4b07d6a067f63c59ab42b4b24d81452857ba131189b1f189e7550fb60014084f28311d96930c9140a883c354a4337162

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0cd72cef587c9ab41b16c8e6ab494d4b
SHA1 a925b9f5237ed0344432cb2b826e019c81cff2c1
SHA256 b846ac20665a29d8e60be469cff7d57e827dbe2ccc36fd8ef86756e7a2e057b5
SHA512 49366b0e2168cd84a84f9f1d6247f31007086ad4ca732ec1b73b95b3a23067358409a6d1ca9466324a704b5466289e4b2719ba73f2fed40d12b97867802a3248

Analysis: behavioral2

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

win10-20240611-en

Max time kernel

149s

Max time network

147s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "432066455" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\CortanaVoices\\Tokens\\MSTTS_V110_enUS_EvaM" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 + 0008 * 0009 1 000A 2 000B 3 000C 4 000D 5 000E a 000F ai 0010 an 0011 ang 0012 ao 0013 ba 0014 bai 0015 ban 0016 bang 0017 bao 0018 bei 0019 ben 001A beng 001B bi 001C bian 001D biao 001E bie 001F bin 0020 bing 0021 bo 0022 bu 0023 ca 0024 cai 0025 can 0026 cang 0027 cao 0028 ce 0029 cen 002A ceng 002B cha 002C chai 002D chan 002E chang 002F chao 0030 che 0031 chen 0032 cheng 0033 chi 0034 chong 0035 chou 0036 chu 0037 chuai 0038 chuan 0039 chuang 003A chui 003B chun 003C chuo 003D ci 003E cong 003F cou 0040 cu 0041 cuan 0042 cui 0043 cun 0044 cuo 0045 da 0046 dai 0047 dan 0048 dang 0049 dao 004A de 004B dei 004C den 004D deng 004E di 004F dia 0050 dian 0051 diao 0052 die 0053 ding 0054 diu 0055 dong 0056 dou 0057 du 0058 duan 0059 dui 005A dun 005B duo 005C e 005D ei 005E en 005F er 0060 fa 0061 fan 0062 fang 0063 fei 0064 fen 0065 feng 0066 fo 0067 fou 0068 fu 0069 ga 006A gai 006B gan 006C gang 006D gao 006E ge 006F gei 0070 gen 0071 geng 0072 gong 0073 gou 0074 gu 0075 gua 0076 guai 0077 guan 0078 guang 0079 gui 007A gun 007B guo 007C ha 007D hai 007E han 007F hang 0080 hao 0081 he 0082 hei 0083 hen 0084 heng 0085 hong 0086 hou 0087 hu 0088 hua 0089 huai 008A huan 008B huang 008C hui 008D hun 008E huo 008F ji 0090 jia 0091 jian 0092 jiang 0093 jiao 0094 jie 0095 jin 0096 jing 0097 jiong 0098 jiu 0099 ju 009A juan 009B jue 009C jun 009D ka 009E kai 009F kan 00A0 kang 00A1 kao 00A2 ke 00A3 kei 00A4 ken 00A5 keng 00A6 kong 00A7 kou 00A8 ku 00A9 kua 00AA kuai 00AB kuan 00AC kuang 00AD kui 00AE kun 00AF kuo 00B0 la 00B1 lai 00B2 lan 00B3 lang 00B4 lao 00B5 le 00B6 lei 00B7 leng 00B8 li 00B9 lia 00BA lian 00BB liang 00BC liao 00BD lie 00BE lin 00BF ling 00C0 liu 00C1 lo 00C2 long 00C3 lou 00C4 lu 00C5 luan 00C6 lue 00C7 lun 00C8 luo 00C9 lv 00CA ma 00CB mai 00CC man 00CD mang 00CE mao 00CF me 00D0 mei 00D1 men 00D2 meng 00D3 mi 00D4 mian 00D5 miao 00D6 mie 00D7 min 00D8 ming 00D9 miu 00DA mo 00DB mou 00DC mu 00DD na 00DE nai 00DF nan 00E0 nang 00E1 nao 00E2 ne 00E3 nei 00E4 nen 00E5 neng 00E6 ni 00E7 nian 00E8 niang 00E9 niao 00EA nie 00EB nin 00EC ning 00ED niu 00EE nong 00EF nou 00F0 nu 00F1 nuan 00F2 nue 00F3 nuo 00F4 nv 00F5 o 00F6 ou 00F7 pa 00F8 pai 00F9 pan 00FA pang 00FB pao 00FC pei 00FD pen 00FE peng 00FF pi 0100 pian 0101 piao 0102 pie 0103 pin 0104 ping 0105 po 0106 pou 0107 pu 0108 qi 0109 qia 010A qian 010B qiang 010C qiao 010D qie 010E qin 010F qing 0110 qiong 0111 qiu 0112 qu 0113 quan 0114 que 0115 qun 0116 ran 0117 rang 0118 rao 0119 re 011A ren 011B reng 011C ri 011D rong 011E rou 011F ru 0120 ruan 0121 rui 0122 run 0123 ruo 0124 sa 0125 sai 0126 san 0127 sang 0128 sao 0129 se 012A sen 012B seng 012C sha 012D shai 012E shan 012F shang 0130 shao 0131 she 0132 shei 0133 shen 0134 sheng 0135 shi 0136 shou 0137 shu 0138 shua 0139 shuai 013A shuan 013B shuang 013C shui 013D shun 013E shuo 013F si 0140 song 0141 sou 0142 su 0143 suan 0144 sui 0145 sun 0146 suo 0147 ta 0148 tai 0149 tan 014A tang 014B tao 014C te 014D tei 014E teng 014F ti 0150 tian 0151 tiao 0152 tie 0153 ting 0154 tong 0155 tou 0156 tu 0157 tuan 0158 tui 0159 tun 015A tuo 015B wa 015C wai 015D wan 015E wang 015F wei 0160 wen 0161 weng 0162 wo 0163 wu 0164 xi 0165 xia 0166 xian 0167 xiang 0168 xiao 0169 xie 016A xin 016B xing 016C xiong 016D xiu 016E xu 016F xuan 0170 xue 0171 xun 0172 ya 0173 yan 0174 yang 0175 yao 0176 ye 0177 yi 0178 yin 0179 ying 017A yo 017B yong 017C you 017D yu 017E yuan 017F yue 0180 yun 0181 za 0182 zai 0183 zan 0184 zang 0185 zao 0186 ze 0187 zei 0188 zen 0189 zeng 018A zha 018B zhai 018C zhan 018D zhang 018E zhao 018F zhe 0190 zhei 0191 zhen 0192 zheng 0193 zhi 0194 zhong 0195 zhou 0196 zhu 0197 zhua 0198 zhuai 0199 zhuan 019A zhuang 019B zhui 019C zhun 019D zhuo 019E zi 019F zong 01A0 zou 01A1 zu 01A2 zuan 01A3 zui 01A4 zun 01A5 zuo 01A6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000008cbc32041e9947a37e0f59e6918864231489f2e39243e75b0be01c25a1a670dcd47e074b45723c99e023a199bc21d6148bb98a180f0b77ac21bb C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com.bi\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile - English (United States)" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{0B3398EA-00F1-418b-AA31-6F2F9BE5809B}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Speech HW Voice Activation - English (United States)" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 ~ 0009 aa 000a a 000b oh 000c ax 000d b 000e d 000f eh 0010 ey 0011 f 0012 g 0013 hy 0014 uy 0015 iy 0016 k 0017 l 0018 m 0019 n 001a ng 001b nj 001c oe 001d eu 001e ow 001f p 0020 r 0021 s 0022 sh 0023 t 0024 uw 0025 v 0026 w 0027 y 0028 z 0029 zh 002a" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "You have selected %1 as the default voice." C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "407" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Discrete;Continuous" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SW" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{06405088-BC01-4E08-B392-5303E75090C8}" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "105" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Spanish Phone Converter" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "1033" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4328 wrote to memory of 3796 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.80:80 r11.o.lencr.org tcp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
GB 216.137.44.38:443 css.rbxcdn.com tcp
US 8.8.8.8:53 static.rbxcdn.com udp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
GB 18.245.253.62:443 js.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
DE 128.116.123.4:443 roblox.com tcp
GB 23.56.238.91:443 tr.rbxcdn.com tcp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
GB 18.244.155.22:443 roblox-api.arkoselabs.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 c.pki.goog udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 38.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 124.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 62.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 190.178.204.143.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 91.238.56.23.in-addr.arpa udp
US 8.8.8.8:53 22.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.216.138.108.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
GB 142.250.178.3:80 o.pki.goog tcp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 ssl.google-analytics.com udp
GB 142.250.187.200:443 ssl.google-analytics.com tcp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 4.21.116.128.in-addr.arpa udp
GB 2.18.190.73:443 images.rbxcdn.com tcp
GB 2.18.190.73:443 images.rbxcdn.com tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 216.58.201.98:443 ep1.adtrafficquality.google tcp
GB 216.58.201.98:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 atl1-128-116-99-3.roblox.com udp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 128.116.99.3:443 atl1-128-116-99-3.roblox.com tcp
US 8.8.8.8:53 c0aws.rbxcdn.com udp
US 8.8.8.8:53 nrt1-128-116-120-3.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 aws-eu-west-2a-lms.rbx.com udp
US 8.8.8.8:53 dfw2-128-116-95-3.roblox.com udp
US 8.8.8.8:53 aws-ap-northeast-1a-lms.rbx.com udp
US 8.8.8.8:53 lax2-128-116-116-3.roblox.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 lhr2-128-116-119-3.roblox.com udp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
JP 128.116.120.3:443 nrt1-128-116-120-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
GB 108.156.46.103:443 c0aws.rbxcdn.com tcp
GB 108.156.46.103:443 c0aws.rbxcdn.com tcp
GB 3.9.224.67:443 aws-eu-west-2a-lms.rbx.com tcp
GB 3.9.224.67:443 aws-eu-west-2a-lms.rbx.com tcp
JP 52.199.30.94:443 aws-ap-northeast-1a-lms.rbx.com tcp
JP 52.199.30.94:443 aws-ap-northeast-1a-lms.rbx.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
US 128.116.95.3:443 dfw2-128-116-95-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
GB 128.116.119.3:443 lhr2-128-116-119-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 128.116.116.3:443 lax2-128-116-116-3.roblox.com tcp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.99.116.128.in-addr.arpa udp
US 8.8.8.8:53 103.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 67.224.9.3.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.95.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.116.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.120.116.128.in-addr.arpa udp
US 8.8.8.8:53 94.30.199.52.in-addr.arpa udp
US 8.8.8.8:53 183.67.204.143.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
GB 92.122.92.32:443 www.bing.com tcp
GB 92.122.92.32:443 www.bing.com tcp
US 8.8.8.8:53 32.92.122.92.in-addr.arpa udp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 8.173.189.20.in-addr.arpa udp

Files

memory/4228-0-0x000001D15BE20000-0x000001D15BE30000-memory.dmp

memory/4228-16-0x000001D15BF20000-0x000001D15BF30000-memory.dmp

memory/4228-35-0x000001D159490000-0x000001D159492000-memory.dmp

memory/4072-45-0x0000025A40C00000-0x0000025A40D00000-memory.dmp

memory/3796-66-0x00000279D73B0000-0x00000279D73B2000-memory.dmp

memory/3796-64-0x00000279D7390000-0x00000279D7392000-memory.dmp

memory/3796-68-0x00000279D73D0000-0x00000279D73D2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PFMCZV3W\api[2].js

MD5 612e612ebc922b19bcda0a4899a50a66
SHA1 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c
SHA256 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3
SHA512 a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77

memory/3796-378-0x00000279EBCE0000-0x00000279EBCE2000-memory.dmp

memory/3796-376-0x00000279EBCC0000-0x00000279EBCC2000-memory.dmp

memory/3796-387-0x00000279E9F80000-0x00000279E9FA0000-memory.dmp

memory/3796-388-0x00000279EBF20000-0x00000279EBF22000-memory.dmp

memory/3796-386-0x00000279EA0A0000-0x00000279EA0C0000-memory.dmp

memory/3796-395-0x00000279EBF60000-0x00000279EBF62000-memory.dmp

memory/3796-398-0x00000279EC160000-0x00000279EC162000-memory.dmp

memory/3796-408-0x00000279EBE00000-0x00000279EBF00000-memory.dmp

memory/3796-413-0x00000279EC360000-0x00000279EC362000-memory.dmp

memory/3796-416-0x00000279EB780000-0x00000279EB880000-memory.dmp

memory/3796-435-0x00000279EC510000-0x00000279EC610000-memory.dmp

memory/3796-478-0x00000279ED330000-0x00000279ED332000-memory.dmp

memory/3796-480-0x00000279ED340000-0x00000279ED342000-memory.dmp

memory/3796-472-0x00000279EC7F0000-0x00000279EC7F2000-memory.dmp

memory/3796-476-0x00000279ED310000-0x00000279ED312000-memory.dmp

memory/3796-474-0x00000279ECEF0000-0x00000279ECEF2000-memory.dmp

memory/3796-497-0x00000279ECB60000-0x00000279ECB80000-memory.dmp

memory/3796-506-0x00000279EDA90000-0x00000279EDAB0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PYV12400\www.roblox.com[1].xml

MD5 eda7ed43b92cb60e3f241b9c4d942147
SHA1 0634314793dd9469aaba616a0faecb424b829cb4
SHA256 a15fa76db7200f2ea8c959cb4bd641d534afca1e5d8dcf7ab9620b68ef008152
SHA512 a6bb0650fbd33076011324ead38520de41b94cd2dcf6ad8266e936fe71932ec16a62f9bd581412f049c3dbc1404c7b454bce3ddb08b8760a88ef250c73dc8c58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PYV12400\www.roblox.com[1].xml

MD5 9f201f192cb12dff48659e9ed5ed4a10
SHA1 25c2b31be8a1d339bfc81d545475a3c118d31e74
SHA256 fe5086cfb58c292543a74621f11aeac220dda1bdb2109f97b9a7c34e3ad9e985
SHA512 df0a070a5a60659ac2052dee3463c5cc07b34a5e12c93e913b5e29f2a61a565dd17dda7174eeb91989fd45893f842d0d15d8e07a9cd33c813b61ce5cdafd57c0

memory/3796-747-0x00000279ECD80000-0x00000279ECE80000-memory.dmp

memory/3796-760-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-763-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-765-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-767-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-766-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-764-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-762-0x00000279D7080000-0x00000279D7090000-memory.dmp

memory/3796-761-0x00000279D7080000-0x00000279D7090000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PYV12400\www.roblox.com[1].xml

MD5 97bb8c0fa1ec2e5c61f9902a8a0eb79d
SHA1 5a92bdd88d4f4a633d43309395f2b94fb0ea9155
SHA256 ff633714668492406eccda82c575bb4452850e5d2b3458e540d934cae90e9c67
SHA512 822d6a0bcf323366667ba9f46b475cb20bed298254f52fcec801b205c7e97de98ffc99f08910c31444c353b9946cc663fdb0b93f2e9ef0b2e75470ef77077c3f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\DV63NOGG\7bba321f4d8328683d6e59487ce514eb[1].ico

MD5 7bba321f4d8328683d6e59487ce514eb
SHA1 ae0edd3d76e39c564740b30e4fe605b4cd50ad48
SHA256 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54
SHA512 ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WRSRF8W8\funcaptcha_api[1].js

MD5 759ab24cf5846f06c5cdb324ee4887ea
SHA1 41969c5b737bc40bbb54817da755e3aa7d02f3c6
SHA256 7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471
SHA512 3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\PYV12400\www.roblox.com[1].xml

MD5 164e01d6556bdd4825ee75de51c923e8
SHA1 945825bbb1af71e7bfa830c9d97f2b6dce5e6b77
SHA256 fe95794a31f09838e6a2d6e01d18fd65440a96a525bbd97e45c6206281a5042e
SHA512 0c59bd669567b70aac88febf58739bd06693ad18053adc684be97830cc41d4840814fcf90237595462e20e854b534e24e644e6d37c9d5fd00629880976fdbc7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\I3ITYWGW\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral3

Detonation Overview

Submitted

2024-09-02 13:47

Reported

2024-09-02 13:50

Platform

win10v2004-20240802-en

Max time kernel

145s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1028 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 4812 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1028 wrote to memory of 2796 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87df646f8,0x7ff87df64708,0x7ff87df64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,7847427818839843275,9490565046371373304,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.roblox.com.bi udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 108.138.217.124:443 static.rbxcdn.com tcp
GB 18.244.155.96:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 23.192.213.154.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 65.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 124.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 96.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 107.39.156.108.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
FR 154.213.192.23:443 www.roblox.com.bi tcp
GB 2.18.190.80:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
NL 128.116.21.3:443 roblox.com tcp
GB 23.56.238.80:443 tr.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
GB 2.18.190.75:443 images.rbxcdn.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
NL 128.116.21.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 80.238.56.23.in-addr.arpa udp
US 8.8.8.8:53 3.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 8.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 75.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.21.116.128.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 mia2-128-116-127-3.roblox.com udp
US 8.8.8.8:53 cdg1-128-116-122-3.roblox.com udp
US 8.8.8.8:53 aws-us-west-2a-lms.rbx.com udp
US 8.8.8.8:53 pulsar.roblox.com udp
US 8.8.8.8:53 fra2-128-116-123-3.roblox.com udp
US 8.8.8.8:53 silver.roblox.com udp
US 8.8.8.8:53 iad4-128-116-102-3.roblox.com udp
US 8.8.8.8:53 gold.roblox.com udp
US 8.8.8.8:53 aws-ap-northeast-1d-lms.rbx.com udp
US 8.8.8.8:53 aws-us-east-2a-lms.rbx.com udp
US 128.116.127.3:443 mia2-128-116-127-3.roblox.com tcp
US 128.116.102.3:443 iad4-128-116-102-3.roblox.com tcp
FR 128.116.122.3:443 cdg1-128-116-122-3.roblox.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 3.142.117.114:443 aws-us-east-2a-lms.rbx.com tcp
NL 128.116.21.3:443 gold.roblox.com tcp
GB 128.116.119.3:443 silver.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 44.231.178.77:443 aws-us-west-2a-lms.rbx.com tcp
DE 128.116.123.3:443 fra2-128-116-123-3.roblox.com tcp
US 128.116.121.3:443 pulsar.roblox.com tcp
US 44.231.178.77:443 aws-us-west-2a-lms.rbx.com tcp
JP 52.192.85.158:443 aws-ap-northeast-1d-lms.rbx.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 216.58.201.98:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.180.1:443 ep2.adtrafficquality.google tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 3.122.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.102.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.127.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 114.117.142.3.in-addr.arpa udp
US 8.8.8.8:53 77.178.231.44.in-addr.arpa udp
US 8.8.8.8:53 158.85.192.52.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
FR 154.213.192.23:443 www.roblox.com.bi tcp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dd2754d1bea40445984d65abee82b21
SHA1 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

\??\pipe\LOCAL\crashpad_1028_YGUOYCJKJMOJGXGE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecf7ca53c80b5245e35839009d12f866
SHA1 a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c83e9889669ea16a3aeddff329a93371
SHA1 68a2fabaa90e89af3db21cc1cc02e00155b21efa
SHA256 11201f4ed7388f2f12270030dec97200ae2adec337893ac1a2ab82ee08f7136e
SHA512 fb47d9a43d459a6337ee89145a18a6fe8ad574c71393f8d22b52d85ac7360d42a875c74a37b7ee798d0a47f2b65b68e1e1def11969c69ccae1910471cb1d25af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

MD5 6686b02b321706cea56928a49ea0ec2d
SHA1 cc1fe6199ccdaaaff0cae7915e37f506c7a35f67
SHA256 0e188067359ae52541d0c63eb4a19fd566caa8d7af16650d12c0f4e023fa85df
SHA512 3f84894adfae7fa06b0c8cc4eedd32c79f75568272a1e2736b4521327d296c1a49f240e1d76abe29985d39eebab98374c6bae6316098bce42ebcf1b7169dc098

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\119cafdc-b001-4120-a84b-8983fb340ef0.tmp

MD5 170c929a7f657ea1d396d91576e68f6c
SHA1 fedc4e0e98c4c2818e138c860fe66a221c3623be
SHA256 9e477a3355e8fbf31a3775d89d82df4c69cf605e6383e7057fe54a5b3a59de31
SHA512 305447c69fd36795d4cf0fccf89767724d477cfd4ae369a3f5006eff8eaa55aefaa606a8d061030d44c41f91f840b57bb753297196da95315b29d9a4d9177fd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96d4bf84b608c9eaa602020106261d50
SHA1 f0add058522b181f77a3a610a6af04f168386e5f
SHA256 2ebc54f60938e79e3734fe8348859775e0b53dbea757f532151c05f34aef46a9
SHA512 8914cb2af40d5b235d19d046a4b2c765fa3c37ef17027134d95a27113d42098413eba4bfe985859f90da9c92268b09852375fb874d923896c24ad805328f80c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 05294517daa794acf42b55b19d6f46e9
SHA1 9123101fb6364d2e04d23799f0ea18e28f23d3c6
SHA256 b9c2c40a88c263467c13c0cdeb1a28035f1c28594cd551233b819046a1228f4d
SHA512 7d07c6e64bf780accfee7e37b3e1db21ab9b7682b1eb3c675201910603efa2a49524e0b045cb86b1c2cb5a610991ff65732e01ec796925d3395331bdbc9ad1e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d699.TMP

MD5 c7477c089f639d17f2b62f609d5ffce4
SHA1 f5c052260149ad14e57e5e4a3f154d09f57a1ee5
SHA256 2adea9077e0bb05dc86aa3ab633cd5aab6ccf7f9f76b18e8ba3b0152a7b94968
SHA512 63c7d0e236f5467c246980de2e74b545702b1eb1c5c64890a9b9240af44d5199e769ab3bb1452ee1987c63464a6e3f4c26229b5348801854cef4db098e4c3293

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6f9ca5f4b926b1f24aeaf53ff2998529
SHA1 6b8592af6edaceca3c5b1e0c27f62cbeb8c869fc
SHA256 266fec6609de374ade66a4d387cd48d8c2fb979d3700f0539ab9b11e96a52fec
SHA512 d4e3d2ca5aca10c87223ffd748718fbeef6ff48c6d64f8efc62d6b9b3bb6a4255c14a5625e6f84585a979e227c55753d1b0305b7bf976290b1e76530aace96c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a384520a0d94f581bdfa4889403ba8d1
SHA1 27bdbd21bb2a626ba281e31a9af340301da27b78
SHA256 6948da9bb7514f9f88d05a72ff946af08265aac958a05e125f580302416b0066
SHA512 df7284c8632785c5121e81323ca5f622d5779de35909ba5d45d2813d6f88f63c9614a5c2eb67da98d7cc85844079bb4ef64b3503ddbaac4be2eccd1aa0799026

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7ffe893c948a91c409676f15a6ddb6c7
SHA1 8bd4a302ab7198f360a2a12fc94d347d46ad28f1
SHA256 714af574da8eaaf85eedbe49311a98644caa35a8ca77568fd24ff6cfbbc7aa63
SHA512 517bd951fd31c09d1db1296152238c872cfc96aa47a8a2720779cc7a68736364321160f7fb5edab7c34a44a922d85ced5651090e0a953397194eb5bb7057309d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 baa2acf2bcc6c7858809dfcb7a9b5f8a
SHA1 ff663817e8055380cab35e250f578ab56a043935
SHA256 ce0611fb16b91c357abab8ab69b232cdf7057d210b0f5eadf704209b15f689b1
SHA512 ab24ed42733033c75ca5655fc0cc10fdcdd4fdbdae40b59716ccc3091213723c2fdda233f1979d8a0cdc8ee2fc674ebe6cd13bf81837101b62a10f382dd80c8a