Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.bi/users/5445740091/profile was found to be: Known bad.
Malicious Activity Summary
Drops file in Windows directory
Resource Forking
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: MapViewOfSection
Modifies registry class
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-04 16:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-04 16:23
Reported: 2024-09-04 16:26
Platform: win7-20240708-en
Max time kernel: 121s
Max time network: 127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000f889c59fcd4cae2d50cbe3b4c6b645b294dd712f6249848c01f44b74551f9da8000000000e8000000002000020000000dc2271f9feae3f0f11afac3b00669543a89499448750ee27a768e40fda6cf93190000000487efda2e1c55d8138ed17bc28f94ac742e13d50acd38402a6ec73b3fb9d35863a26f129d4ab0e65346f0274b83d583bf4e7645c03dcb95ccaa3ec82ff8697c3dbf12afd5aa26c685d738bfcd49a844a3b1507130d2c6b936fa464f34c961b6e246d399099ac5ea306ee2c09a9b1f53b80440a1750f9da8513bda2220eb3163bb7fa4cb547b4c26415e276e6ebfbfab540000000994cd78c407cbe79632366a2b923c30015b8d437084cadb157b9af0590f92c764b7afd931889cf175515b02422cc8cb857c82e66e4c333b9df2135fe8fe70fb2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431628913" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "82" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "138" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000476f1a1a5cf96bd65ebe0482108790d98e92934ca39e447fca49e427c3515cac000000000e8000000002000020000000f9f8ebe47265008ddcf851d93a037b33d66dc0f804f10df5eb681ecc81ef63b1200000006d873998e378e8e3428a6de3ed56b28d4ac7bc47e6543605e6f30599b1c86c4440000000c8e6a2ae8d393006b928a88008f59d14f16309141022f7bfcbf41bca47b2a9b4c51c154957ae79d6bf473097ab793b98d5d235d220ded4aad5ac120c7dbe67e8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "21" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A96C531-6ADA-11EF-B5D6-4625F4E6DDF6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "49" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.roblox.com.bi\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "167" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "56" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2292 wrote to memory of 1768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 1768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 1768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2292 wrote to memory of 1768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.135.115:80 | r11.o.lencr.org | tcp |
| GB | 88.221.135.106:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| NL | 128.116.21.4:443 | roblox.com | tcp |
| NL | 128.116.21.4:443 | roblox.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.244.155.10:443 | roblox-api.arkoselabs.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.232:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| GB | 172.217.16.226:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.134.58:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.18.190.71:80 | crl.microsoft.com | tcp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab93AA.tmp
| Hash | Value |
| --- | --- |
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar93BC.tmp
| Hash | Value |
| --- | --- |
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| Hash | Value |
| --- | --- |
| MD5 | 4f6b6329084355e2cebe91aa75592a96 |
| SHA1 | 0b0b5e0ed50ed74ae191ab7328fe91a0f69ebab1 |
| SHA256 | 531911e8411389cd3b9164004b2440c3bf6f88e65306836eb475317ceae7b21f |
| SHA512 | affb42fa1910b9922d57d9189af87d373e14b8a14dc605d0ab0716d13961ce389bb0035b191aa4392a718d00edfdba777ace75657e81c46f024368fc391f179c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| Hash | Value |
| --- | --- |
| MD5 | a6b3ec1456cb4491c8f6960004be6b63 |
| SHA1 | 4d0edfec1c14b471c4044af35c22fb5569fa316c |
| SHA256 | aa4f50bd5f90715416d4cb78f7f848c4f1a53a9c50407eb2e0f3a1a40b8b2871 |
| SHA512 | 3185d5ddd0eaa459ce78ef4bf8cd908f1671dd692429609c9d1807bdcdb243ef839ba9146b2259275f7c1f939877f8f61fdd5eaa14eaf1df1e514addb01cd8c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| Hash | Value |
| --- | --- |
| MD5 | d204fc0d01e7521ce996954c1ecb81e7 |
| SHA1 | c8cdeb171b3475d1c42ef2b5e3f7c70c2a3497e2 |
| SHA256 | 89aa604929285e92d9546b4595e8ebc237da9b06df95dcbc2c2d9a85f6f71c07 |
| SHA512 | ea189463a97870a25b2dd393037515b13d498791e8f5a52bdf63ea6c33b386c0b040471aa65688e5b0574eb6167f82ec8c8ee96b5c09a40b64fd3b5ed17e5b2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| Hash | Value |
| --- | --- |
| MD5 | 2f9d85585560107347472f4912ef080e |
| SHA1 | 911453ecb2c4d8663151411c1834d92b1659172c |
| SHA256 | fcc2920f72a4d0b340ccffeb7affa6710ace64d35b94bdb841d6e546e176637f |
| SHA512 | 9f50ad433b1034a8fd0f613ae9c650a30a161f85bb53ab6fcddc8a23651dfcd59cf2d7880e523f7cbd9b691f33c7730e5321b0dfab029bedc3db77e7d83af9b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | d060da1c571f4a070825e2d092d63dfd |
| SHA1 | 6bf43aa27299472a42c6c0280a3695063cd50d23 |
| SHA256 | 7327df5bb01e84815c5f00316f02887175f47f0624129f498b9c3f9c3d691d49 |
| SHA512 | b1326e8c21b6dc450c8e82cc462f5963b4d8dbb3e82113267afe51575c289679ba419901afd3836f7f80974783a39047fe847167652f5a3812b44c0c1a8c7701 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
| Hash | Value |
| --- | --- |
| MD5 | 1e76b4322cea80ae4c2bf8a8d1f35ce3 |
| SHA1 | 29aea00c9457062c89a15a58c5db52730b2455d0 |
| SHA256 | afc1234cb535f4b6d8807b8e22a053f23a454eabf6d30b06ca1a7148225bf0f0 |
| SHA512 | be80be5e7017b468f627949b3710a57f87c50a01ab91174f63ba1041d4efa33110ace28519d9c9b5f7cb8010829db63ee72a7408080eca20ed5e866f5dacf8ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | 8f49e2ff46cd7ada61e899aa937fd135 |
| SHA1 | 3fc3a8a380b576e2a4bb9e00181214cfc07ecf4d |
| SHA256 | 235038761c13c8aa03acc8c7bd89f1c57b3c0695bc049a7fd04306c4840b0866 |
| SHA512 | 9732f2b3f65e7ea512b7f51627842612a072cdcf09032fde313c4d5a4c3c56df8f57ea372236b45d372315ad635a2979b066fe0f78ebe8647e1f6b2a17649294 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | 626f03cf401aae5e6fccced340e8c5e7 |
| SHA1 | 3194b97c9020858092c8d7cfcf4e3569ccd2ae47 |
| SHA256 | a524dc115004171a92f9e72ba2a5eb9d890a13c42df15398fb5553357d499c5f |
| SHA512 | a70fffe29a1c5467822f884af25980d7911d0987703c132beda46babd7380dfb0ceaf8656b08766319a1cb0038ba8ff9424387f6cc2c07a01f06c2447de94309 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | f8eea42268f3ccc7db7c4ca7da052e81 |
| SHA1 | 88bf688b942ebe8cc30c5d5ad7ca25831ea29ae7 |
| SHA256 | b381090350b9471c5a650dd495261e6f83f859d61a53d99a57d4bd922699303e |
| SHA512 | 6852f6ecced3a1087e7011ded11032002697a5906ec9cd6ba02ce2e189c3c08144c0d51d53bf432f63ded00a62527ca95e6d7f283bff6ac62f8c9db281ad5927 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| Hash | Value |
| --- | --- |
| MD5 | 34307774fc60979f8e551d7f2a8f7a85 |
| SHA1 | d3aa4ae3dcd4760c2051d745dc0403e783ec9b67 |
| SHA256 | 20f8c07db89ddf20c0c4b415725e606d7f0708adc64494b343b5450416b9e801 |
| SHA512 | 6e0a804fad30cec5e0759495cb6fa05f4f836cf41121a3f4e5f76fa098adb78bc205466a50fd225aa3e15b8f923ee0a6275d2ef603eb6c09317062d3b2d44a8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| Hash | Value |
| --- | --- |
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | f438d0b3d634bc007a1bf92bc91ccf80 |
| SHA1 | 5bde9eb59408b826ffba71f2bc4e1bc5d861b94d |
| SHA256 | b988d649055dd32d1f022f624f5bcb84c603eff2472ae15c986eb9d4f1c416bc |
| SHA512 | 6b47cbc3b77d78eb06c4c2eb33afe67b11d86dd634b655a49205d37565efb4e713a04f379ef02e193b1e0f97d68ad3c23e79c20187ef4b86b5d85542fb6988d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | fa00d7bd258dad05bc1c6d44232c7541 |
| SHA1 | 4e28c1d8dc315ec997ebc5f5558666796ae6ef30 |
| SHA256 | 7366998ae5227e06c7d925186ebb93946138618063252fad069cd59f1726ec5e |
| SHA512 | a36e2d0682c3c109d10a76a0a5b31247d2b925681e7d9e7e7aea2a2d781dc77573ada1071a694452dc931f4c89d4e19f49a5de8ab1955be73c381e29077a08e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| Hash | Value |
| --- | --- |
| MD5 | 20baea21ec2faca56f0e8232a256e05a |
| SHA1 | e3ba572ed58705cbb022c9594d38ce5973f1a995 |
| SHA256 | 2c8c116665d7b7c24273c59d3c25f14b6d72eee967b67c13cbb02e4e6fdc2359 |
| SHA512 | f76399773df8972699ff39b8f7ddff5b59d0666a013f8335565eec0e500d5b68f32ff1ee6732832f3bff91e83014cf86fafda8fcb01ae684a28b0a05e209d527 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\api[1].js
| Hash | Value |
| --- | --- |
| MD5 | 612e612ebc922b19bcda0a4899a50a66 |
| SHA1 | 09b0017a2c25e1b2aa9be4543ca16b367a0d6e5c |
| SHA256 | 20bbf65fbeb252f305a52000604e524d4c8490f5bc5e7136b57366d8ec95a8f3 |
| SHA512 | a99f20f09ba658277ef8983b601fa5eac08276dd80fa0f42f10f16a944186b701a18254e8ecdbb5e8a9a9b800a99ab972e7fbcec2a95647c206e3f5115925a77 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| Hash | Value |
| --- | --- |
| MD5 | 65e60c060db06abedbabe83c345a72df |
| SHA1 | 1da062d4dc47b3ce0671b44f27fe53a9bd696fac |
| SHA256 | 7b5eedb53cba50747ac778336ae7881fc36086abca5db0bc3c1598f9131da3f4 |
| SHA512 | 554354245ee210691189c117ae9b020a9320a2b85c2b99ca369394523c86dbb975d493a4c2f29aaf645f9bee41b53b3679a2af21e06c628e19d6e2421ca82378 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| Hash | Value |
| --- | --- |
| MD5 | ec46b914a13b82480fe4bc2f67316f2f |
| SHA1 | bd517e11266370b9692714318c1b9df2af443d37 |
| SHA256 | d4c8851f76f01e67c5c4a3cdec546234af821ad858565594ed0b9a055628e00f |
| SHA512 | 8dbc7e78f8703b15212ff7b5a4b91e09bbc74b94e887dfcb7f598d5c9ad34b89c96d46a541f2d484d30bf2d347eea0b49e61e2418b5a6c0efc753aea9c8dc851 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\Thumbnails3d[1].js
| Hash | Value |
| --- | --- |
| MD5 | 50dbc1defd4bff19199ba7c26d92dca5 |
| SHA1 | 93637a64e01ee752db1a5710436a1a191a90e614 |
| SHA256 | 51a1e8c851e8707e1e6608153959ebc8ef7f1f7e527a85e2b65f39fed5c1b917 |
| SHA512 | cd36d43aa084e910fa09eac0923b9ef062f1b1e18c06e4460ef7779264f850e905ae27de619bff9ad76444027af02bb96faa37bc9bcb73a496a17ef26d9fae05 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| Hash | Value |
| --- | --- |
| MD5 | 370d3a3131c6215c7ad94b5928be51e9 |
| SHA1 | b8577730cb01fe1f82b4dd7a7557a5662a6b04a7 |
| SHA256 | 4ffbb78313dcf66da41510c4d27551f24f7a7079914e3aefa9f08f0a34d1b5ee |
| SHA512 | 2b84dfea6675665ddd4b89baedc94fbd380ab20e6173721034cc07859b856f6212b13b49059a4d74d3f838e464251a71c801ff175e12ff15c6223fb7cbc0a9a7 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| Hash | Value |
| --- | --- |
| MD5 | dde996f10e9f57f1e0312c80d96a014d |
| SHA1 | 0878760df22f92d0bf90a6ab30f7cbff965579f5 |
| SHA256 | a82eaf1ea5a3604d425fd10274aae289cab92a6ce8644b12abda3aba6238a0d3 |
| SHA512 | e46f3160bc0bd225f6fa1fdab6847430874b5a1713b693fafdb0481e92e19bbb8959c10b794244518482a8efaf04f0e4f74155b8b06abf187211e1626ba11bb6 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| Hash | Value |
| --- | --- |
| MD5 | 8413e510bfcaa46e02caf2ce65b13339 |
| SHA1 | b231ef61728efe5d8941a00e000fe56526ecf271 |
| SHA256 | c46558b448e45aa4bc3a274e89b42f4c335cc7b71ea444093b59c2e696e151d7 |
| SHA512 | c1894149aa88b2a90ba999f9fbdceab88439068bb31ec7add1f17a0d96f25430d88e9e87e9cc8be79a1c0bcb50e2b62678889f176c5c8ff384940ab663c99257 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | 5a02c356f3cabe1bb23ada70e7438144 |
| SHA1 | 05586eceb29308cd235c4f3455e97707891b0a87 |
| SHA256 | 21e9b1114374d9900fbbcd25aefeedb1dc9c742276e684a799668df857c497f4 |
| SHA512 | 7f645ee24ebe92375679393e3ccecdf2b1a03597d7c8afbefb64cd43e65aa29d03a8c3e51f424d149fed1e69513c365620e2379cca82f752ddbcbd4eb8193516 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | fe647e812b5ad4cc5f291a41a059470b |
| SHA1 | 82e0ad99d56d29358a4ea8dbcffffc61c6f8571f |
| SHA256 | 0c4db23527dcf5ade1dcfc5a7b62dee763009a43a6c15310c7d76a12babdc21b |
| SHA512 | dc2139f3c73cf7ca2a377a937cda5c19f6e419d91847e77b39e21650e642c9f60fcb224a175bc98b3506cc145c0c54513b61704e998dde4549ac672fabad4a98 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | 327bbb06cd3e13413f1aa1a0aadcbdc3 |
| SHA1 | 73bc89afd5436f2b0faeb6b6903b9d79bf55af34 |
| SHA256 | 60cf952f24aa815da8d8b0fd2e2eb86eb5d5ec5ddc7737e4a168b82e2c6d936c |
| SHA512 | 8b954ab43c0133ab2ce0a7c6608965b9acb1edc275f2624cfd44ef5c7d99a79438ad32df39147f3f431d78449cbdc50ec8ba87265715332c335795317e71b38c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\js[1].js
| MD5 | 00a4b6738cce88a4012152008dbc72fc |
| SHA1 | 95690a65ca222b11710c420405456081a5781a99 |
| SHA256 | f680cc8e663fe2c0f30d769a4e5f490e963c1245eb574f54ce042470bbb2a01c |
| SHA512 | d1b9dfb8610abc7320cb0156ae1934ec83df1b624a81921e334639d93aed4688f51f3875e4e9fbc1ca7f16305ff5af1996e42f852c19daad91e5ec3a175718df |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | c9a266a57be4e8a8b9aa84c4e11bc026 |
| SHA1 | 970d4a051350657161e0078861cf51f7e4b1a648 |
| SHA256 | 7a0c4a268dd61306d2aad964bd6a53275352e43cb7c37b13f3c07cfefadeb5bf |
| SHA512 | f54d22d4c6ceeefd013a93efa43ee742e9fa9ec72fab97ca97db571f804ddd575dffe2d0828c1d6ce2a0b327dfb1bf55ce231653b0af55bf67e83881ad4439c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\CurrentWearing[1].js
| MD5 | ad1bc55c652bab8ca27f003fa9e51bf0 |
| SHA1 | 5ea936ead30d7e57a66f4d497c55740c15179881 |
| SHA256 | ac540bf35098a79ac82f73722c2cf72039a034f6e209b7ddee26ebcf14a0a486 |
| SHA512 | dd29a888abd2386593da3ea7b2b806c71989f69ff3f7fe924a149bd9c19c2993f0fb3ebe70c910aca38e95d9256b23738b11ffb964ba3c9c6c899b0c7acfefc2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA1 | ae0edd3d76e39c564740b30e4fe605b4cd50ad48 |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
| SHA512 | ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat
| MD5 | 193743aef8863700a4e1a6e88da31510 |
| SHA1 | 994e1f93cd48a923305f31a2b1f93058a27f49ea |
| SHA256 | f6603b1b3c93cf51a1e54ec93c39be8404b90352d28cea42ca4d96939e14bbb8 |
| SHA512 | 0b9c6bfe26124915d5ea086df155db50ae7beb4ea60de1ea480daf97b9a8fa23e0302c00b8d0e967206a769cef8a93b0bc2d761224fa5dd80b786d1fdddf1605 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\Navigation[1].js
| MD5 | 67204d7834bff28aea262baaf74a4bb6 |
| SHA1 | 2c18091c612cf154d42466f13ae98b95a60be21a |
| SHA256 | 4985ef86c1eb30d93b1fb740da47b8672b4e875acb31c81d22684d2c3d602f11 |
| SHA512 | 33ffc5a24d2b377388b940eecc0ff57eba2cb2f188a722b069666f15d0261c72486f5473d95abd16f25d0aec29d7f9e1bc96936e0681cf2d6c77308338e9c71f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2150e2dd99f5743b87c4262676d4259d |
| SHA1 | 5eecff6cb1aa4c99145a6099e8e90723f88cee9a |
| SHA256 | 706835cf3724b4150c9b9b8623f17623cef7ae7c2e1fc81f27f69f4c3be37d1c |
| SHA512 | 05113d173b46776764deb1586f94ff19e5e6cf7d31956e6f385277e8b40d5d72f271f87472f221f85e4fbaf24f667ec9e31ecaca11c0a6662c55f22eb62c0185 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6619f0595a9cd0c6ddde6fb7104f366 |
| SHA1 | 2da5859b0734256ac52e3f091a2aa1c7dddf4a47 |
| SHA256 | 45f78e7ddfc02736e3ee33332b1871093e95fed4e176d121112ff46878017ad3 |
| SHA512 | a48d359b543c825aafd0da40c9d9a1f7c09028e9a1d8d7a73558e5b71d8e8e8ed04a191b29d326327e36d906be0a9f7d0f81f4eca77757235e73deca6f85ead6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95752388479c09c62f10593a0693ae7b |
| SHA1 | 64adf14b5a101f569857ef6af37f72583bf182df |
| SHA256 | 4265f2cc686acfed8700a4ee6348a69581a3602a5f7e5b053577e627e5fc69fd |
| SHA512 | d6c92a6fe7578ca9ef5e375dcc7ae8852b0f927adfbbb985132f3e90d8009d746363ea621413c9bb3267018983e3fb02d0e217c9b8e31b92f817d46bd129a70c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4c0a17ae658002b4f3ae62ef4a7f505 |
| SHA1 | 7ba926885a9869e7804a3f8f6fa1a178dfc24db1 |
| SHA256 | 801a510d72a6bad3a85734c33920493b03717ac54b929e3e30c1a49ffa9b5bf7 |
| SHA512 | bb1fe131c41a4744cfa7e640470b4b6bdf617428e88f2609290b7349add8042eecd603cf9a10aef3ec6b8faa1afa4259df6ec1979af76d91408f8b70fa4c6f70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a4395367ef9f8e7d78fccad0a05fd3f4 |
| SHA1 | 11ec635f8eec7724ebceae54faf5d0a700d1b241 |
| SHA256 | 6030d20dc7a8f6524b67bd694664984fd52bf7de29dbbc961d40e08a85883803 |
| SHA512 | daf2ab0a283e1009c93d000ec7d98069830ced460d586c3280b2e81d6a4f6292981faee32f3193ae20243895dba4498d84ad21e1f0c93ff18648124a68795f48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4869b04699a6d12f449c74a36a9c245f |
| SHA1 | 0c72d799ac74b40670b70eb02771360b1bd12381 |
| SHA256 | 73c198c2aecbee62939e9222832ac8c20ee060e79212c25e33c7ac67a7384ec1 |
| SHA512 | bbca6d6151484ad3a34813d39c138451317ef6d76f240592f3ff191f32e61a6399dd5cf6875d182fa15a43ebfa6214afd3021e58e5d6e51f7f728a80f4476444 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d6bf7761b3f2ae3d27368f7fce22ec8 |
| SHA1 | e1ba6ff6cf3536359087a32fb9fa103b9a05d8e7 |
| SHA256 | 78ab5b71b4fdc3443c320b68eb84b70b2570b8462bab83101927b14969141a3e |
| SHA512 | 9940059cfb5c8b3df8737667299198ddb675236651e1cc81d457f432fe8b66b71f22338347d788a79e31dc57173f3f36ab1216a0dc5059584e224f37e3df3a78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13e03ebd829d350d685b7d3b8da900fb |
| SHA1 | 23d5efb8dec3efc1d9359d991fe20d034c0a7e85 |
| SHA256 | 64f53c57334efc3d10cfc120a79ca1c0291e9a57e93dc2269f314d7c6c493271 |
| SHA512 | 2ea1c23a8fdd8027df3b94a3e963dfbd868bd8ea3a6b7baec7de220f4c18a399fad8f9248b9bd1d0837b72d9e7eed18c7feff47a77180bc4a486f995c5bb8dfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 740b7f4ffd65b3cbf0a8573907bf8459 |
| SHA1 | f261a60bd43fdef6f5e2f365d172292ab602351e |
| SHA256 | 03c84a24acf608b7de0536422cc2ab4877ebe790b17dc31c04ebcd776d7d59f2 |
| SHA512 | cc46336c84e4bafd7990e2c6f47216f2149547d39cb7d99b4354c481d44715d6082ac47aa5f618846cecc5d0a9b8833bd0084c3b4295f8374a33d644f1d4e84a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88829e33a450697e9980215621304f85 |
| SHA1 | c5330e17db41e7971e9b7f2889a7c103d0963e5b |
| SHA256 | 8210ac34d4e8e8ed6670cfae468db7e81f071eb566c46fbd8472fa6349a60b55 |
| SHA512 | 0f8cba3ce36767b7e4d90ddfefcd42a28cecdabd563d869cc11d10e3de99051c091d96c11f43a458779416f6dccc350e13ac3f29521a6c612870c983e978968e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c26c052a96c3fd06caf5dd6888803bf |
| SHA1 | c592b8bd382388aa85fb66a27eca45f10dd2a1b9 |
| SHA256 | b7b8fa16905c12fd04da88b818a1eba11fc319406893a0d51bc6efc10455804c |
| SHA512 | 65c03175f1762b1bab506a063520cb6925cfb51b0cc3a96208b1b2c79cfd48d778710a33d7614cf4cdd0d89bf33ca6ffbb627213887d695e41122c7b2f07b524 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 42a6550af9a578d50d7867c36df43d8c |
| SHA1 | 91b7472afce07b9430e566b62e5208566fa40fa6 |
| SHA256 | e4b173e54ea1d2830a084b635507669c22f118bc60ead9dbb69fedf064dc9ff5 |
| SHA512 | 72d0fa01d4df6ad72844a18b1857af7b10abc26e1ebd1e817cc95693cd308f6a88644d0a540e34dc803ec672aa11affd63ab764517b8ade77a22dd5b1fb15952 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0697dad971bb1a7c3d3dbce75627153 |
| SHA1 | 0f00b62ed38a10a4a41fc9b7bcaf83b45ffaf1b6 |
| SHA256 | eedf33699d6044c297fcd392d9926c59fafec5e38378f536cf3bc1c0113f3052 |
| SHA512 | 723de0db3e38656aa38cba85b8e0b3fb0691a4af8239e862eee69145e8062afa4c582da2cedd1529a3235223b6ab23c5f6f4e5764b50e71c25cc52b3713a63bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dadb2b8700ce6c7dab9e07e4876deb69 |
| SHA1 | 7e7b2a9255902ba7c1bae119bb8513e3d15308f7 |
| SHA256 | d2abfdbfb23151b5b2c6247e7a55cdf93d25547d918adf06e9b988484845602c |
| SHA512 | 1d7190a47ba6502165ac9c2b2b6e584b998ca747fe0dbe5cc60b0c1e0417815b61ec082f09b27145b9ec39e4d1a017d0011bd4d149dc35f9e5d531218404dc93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dbf55d79a9f9619bd36b52c36e2ab80 |
| SHA1 | a210864e0fde7d3a783ee5453d8161fb869d0871 |
| SHA256 | 7d04e2b4eaafac9359768892a002f874bacef0adc297bd4a6b7ea225e842d0ab |
| SHA512 | 1ff5b2fce20f41f4fd16fa56e7d22847cd9bab1c7d76617e6a07ae6695b3a32369d60d03f1a954b5237a6b995e440bdd8fb6d2d65ce4ac3673836f211e800e9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d430537db2da963a08ec6a81d450d59 |
| SHA1 | 313fc19148de425e9555ca28fe0e9744355b59cf |
| SHA256 | 4a83dd43fd9a7a2ff7b6db57142dcad2ddae2ec07a5fe17f9fb40dc2ffc3cce2 |
| SHA512 | f31eb215544e1b59465711aeefbb89cc73f61248e45f66e316e881384bcf60c1e5073f2cb841a8e6ba45ff7b2dfda70511a667c954efcd737a971e626edaa12f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74952d6dbf73926a89d9994d89e81d8a |
| SHA1 | accd98e61c95f611ad13f8626648978c79528792 |
| SHA256 | a4d13503342cacdcec4dbdc37086847570ddc486966cd2856bf95156e0e51744 |
| SHA512 | dc49062bf371c99b39eaf969bda780b08619aa1c0b63dabc90f6eebba384a0476d396c93a8635bdebd2ab5e4756c41eeee88c98506093cae7938e37f64e9f379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa5ea89662f8d791c157bbc4305849cd |
| SHA1 | ae9057a198821a9c79057832f3167677099a5379 |
| SHA256 | 7ca5a455bdd2cd5c3de05d0ecd1b25c133ac15e76fea8a5ee7b4e6a0bd8ca05a |
| SHA512 | c08ee8b353ce5e8f4f7945e86cc8a8064d5231811a7bcf8e84cec50433317fa442d5b951cd6060dfe7e4cca616f16d36c1b4695ba3aca9bf3e103f5511d1d2af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c271b87713c1a052965748bf1cc794ca |
| SHA1 | d2a0c09a959e30c2fa2e607983d6132ca8a8df34 |
| SHA256 | 92534f017287af940bbce4a66f1d9c61b648efa0de3b52510e5b60298f10b7f5 |
| SHA512 | c1b665073875652a13688adf3b379998c486dcef946f715d316baef3e61fc68b7fd4b5630e1bc2e9791f3880a387324a92e2d62e8669fc7715ee33c96e922b50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c82e7237021c8ff3f839a2d42de4e83 |
| SHA1 | 3513c5acdacc15090da52e49ee086cd5288ebad7 |
| SHA256 | 7ae7c7dc249fc72dfc16bd5731592f24c8fbde7e372d35d6cdb5e2f73eb019fc |
| SHA512 | c44a214568879cb4d1be54808276a59f85c91a8d513c893ff1e52594656b1fbfac7a02d058d4e6927ee50fa349a74a2932f59a4c78327a2c1415aabaccc0323d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75b715c1d5a2c374367a25d6d8fc8a75 |
| SHA1 | f6f2b4e3560ecf4fda50d5cc1ffc0d8d9c5466f8 |
| SHA256 | 47c03209b0f942909cf4a4ea6568d3f6121e3c722b8e3e84e626b46b1e6a50bb |
| SHA512 | f7d4aef2c8399f605b9d81e14d4c7adf218eb1fd98ec77f7eed07fe4a2b14c458ff3347c8bd1ea253a651edbe7550d34b4f2e05976fbfb1dd4166122c5ff8565 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57b2c11f50d253d50e0e88d983f8c866 |
| SHA1 | fb708e6cbe74393191aa231c8d2635dcc644bdab |
| SHA256 | 164a01a78c04b37356df6cb84e7e7d29b0b754f8efde75d152f330c0a99d09b5 |
| SHA512 | 9409ffff7d986412584bd11dda54719d4d68f3739d8ebf6ecbc79a885f04a1a97102cb05c6f190f08d5da8c5fddee5eafabe0bdbbf1d9c9d294d5d1b5ff1464a |
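Every dropped file listed above for this detonation sits in Internet Explorer's DOMStore, its Content.IE5 cache, its imagestore, or the CryptoAPI CryptnetUrlCache, and the same DOMStore path (www.roblox.com[1].xml) is written repeatedly with a different hash each time. The Python helper below is an added example, not part of this report or of the sandbox's tooling: it parses listings in this path-then-hash-rows format, classifies each path against a location list that is this example's own assumption, counts how many distinct versions of each path were written, and flags cache files whose name is their own MD5 (as with the favicon entry above). The sample listing is copied from entries on this page, trimmed to MD5 and SHA256.

```python
"""Summarise the 'dropped files' listing of a sandbox report.

Added example; not part of the original report or of the sandbox's tooling.
Input format, as on this page: a file path on its own line, followed by
`| MD5 | hex |`, `| SHA1 | hex |`, `| SHA256 | hex |`, `| SHA512 | hex |` rows.
SAMPLE is copied from entries on this page, trimmed to MD5 and SHA256.
"""
import re
from collections import defaultdict

SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | ec46b914a13b82480fe4bc2f67316f2f |
| SHA256 | d4c8851f76f01e67c5c4a3cdec546234af821ad858565594ed0b9a055628e00f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPQ313RR\Thumbnails3d[1].js
| MD5 | 50dbc1defd4bff19199ba7c26d92dca5 |
| SHA256 | 51a1e8c851e8707e1e6608153959ebc8ef7f1f7e527a85e2b65f39fed5c1b917 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9II4FT31\www.roblox.com[1].xml
| MD5 | 370d3a3131c6215c7ad94b5928be51e9 |
| SHA256 | 4ffbb78313dcf66da41510c4d27551f24f7a7079914e3aefa9f08f0a34d1b5ee |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\7bba321f4d8328683d6e59487ce514eb[1].ico
| MD5 | 7bba321f4d8328683d6e59487ce514eb |
| SHA256 | 68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2150e2dd99f5743b87c4262676d4259d |
| SHA256 | 706835cf3724b4150c9b9b8623f17623cef7ae7c2e1fc81f27f69f4c3be37d1c |
"""

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Locations Internet Explorer / CryptoAPI write to on their own while rendering
# a page and validating its TLS chain. Assumption of this example: anything
# outside these deserves a closer look. Matched case-insensitively.
BROWSER_CACHE_MARKERS = (
    r"\internet explorer\domstore",
    r"\temporary internet files\content.ie5",
    r"\cryptneturlcache",
    r"\internet explorer\imagestore",
)


def parse_dropped_files(text):
    """Return [{'path': str, 'hashes': {algo: hex}}, ...] in report order."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m:
            if current is None:
                raise ValueError("hash row before any path line: " + line)
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HEX_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current["hashes"][algo] = digest
        elif line.startswith("|"):
            raise ValueError("unrecognised table row: " + line)
        else:
            current = {"path": line, "hashes": {}}
            entries.append(current)
    return entries


def classify(path):
    low = path.lower()
    return "browser-cache" if any(mk in low for mk in BROWSER_CACHE_MARKERS) else "other"


def versions_per_path(entries):
    """path -> number of distinct SHA256 values; >1 means the file was rewritten."""
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e["hashes"]:
            seen[e["path"]].add(e["hashes"]["SHA256"])
    return {p: len(s) for p, s in seen.items()}


def content_addressed(entries):
    """Paths whose file-name stem equals the file's own MD5 (cache key derived from content)."""
    hits = []
    for e in entries:
        stem = e["path"].rsplit("\\", 1)[-1].split("[")[0].split(".")[0].lower()
        if e["hashes"].get("MD5") == stem:
            hits.append(e["path"])
    return hits


def summarize(text):
    entries = parse_dropped_files(text)
    by_class = defaultdict(int)
    for e in entries:
        by_class[classify(e["path"])] += 1
    return {
        "entries": len(entries),
        "by_class": dict(by_class),
        "versions": versions_per_path(entries),
        "content_addressed": content_addressed(entries),
    }


if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(k, v)
```

Run against the full listing above, the "other" bucket stays empty and the only path with more than one version is the DOMStore XML; any entry that lands in "other" in a different report is the first thing to pull from the sandbox for inspection.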
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-04 16:23
Reported
2024-09-04 16:26
Platform
win10-20240404-en
Max time kernel
149s
Max time network
144s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "Microsoft" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\M1033Zira" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\System32\\Speech_OneCore\\VoiceActivation\\en-US\\VoiceActivation_en-US.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "56" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "49" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "804" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "309C 309C 30A1 30A1 30A2 30A2 30A3 30A3 30A4 30A4 30A5 30A5 30A6 30A6 30A7 30A7 30A8 30A8 30A9 30A9 30AA 30AA 30AB 30AB 30AC 30AC 30AD 30AD 30AE 30AE 30AF 30AF 30B0 30B0 30B1 30B1 30B2 30B2 30B3 30B3 30B4 30B4 30B5 30B5 30B6 30B6 30B7 30B7 30B8 30B8 30B9 30B9 30BA 30BA 30BB 30BB 30BC 30BC 30BD 30BD 30BE 30BE 30BF 30BF 30C0 30C0 30C1 30C1 30C2 30C2 30C3 30C3 30C4 30C4 30C5 30C5 30C6 30C6 30C7 30C7 30C8 30C8 30C9 30C9 30CA 30CA 30CB 30CB 30CC 30CC 30CD 30CD 30CE 30CE 30CF 30CF 30D0 30D0 30D1 30D1 30D2 30D2 30D3 30D3 30D4 30D4 30D5 30D5 30D6 30D6 30D7 30D7 30D8 30D8 30D9 30D9 30DA 30DA 30DB 30DB 30DC 30DC 30DD 30DD 30DE 30DE 30DF 30DF 30E0 30E0 30E1 30E1 30E2 30E2 30E3 30E3 30E4 30E4 30E5 30E5 30E6 30E6 30E7 30E7 30E8 30E8 30E9 30E9 30EA 30EA 30EB 30EB 30EC 30EC 30ED 30ED 30EE 30EE 30EF 30EF 30F0 30F0 30F1 30F1 30F2 30F2 30F3 30F3 30F4 30F4 30F5 30F5 30F6 30F6 30F7 30F7 30F8 30F8 30F9 30F9 30FA 30FA 30FB 30FB 30FC 30FC 30FD 30FD 30FE 30FE 0021 0021 0027 0027 002B 002B 002E 002E 003F 003F 005F 005F 007C 007C" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2834efe4e6feda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "21" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "I 0069 Y 0079 IX 0268 YX 0289 UU 026F U 0075 IH 026A YH 028F UH 028A E 0065 EU 00F8 EX 0258 OX 0275 OU 0264 O 006F AX 0259 EH 025B OE 0153 ER 025C UR 025E AH 028C AO 0254 AE 00E6 AEX 0250 A 0061 AOE 0276 AA 0251 Q 0252 EI 006503610069 AU 00610361028A OI 025403610069 AI 006103610069 IYX 006903610259 UYX 007903610259 EHX 025B03610259 UWX 007503610259 OWX 006F03610259 AOX 025403610259 EN 00650303 AN 00610303 ON 006F0303 OEN 01530303 P 0070 B 0062 M 006D BB 0299 PH 0278 BH 03B2 MF 0271 F 0066 V 0076 VA 028B TH 03B8 DH 00F0 T 0074 D 0064 N 006E RR 0072 DX 027E S 0073 Z 007A LSH 026C LH 026E RA 0279 L 006C SH 0283 ZH 0292 TR 0288 DR 0256 NR 0273 DXR 027D SR 0282 ZR 0290 R 027B LR 026D CT 0063 JD 025F NJ 0272 C 00E7 CJ 029D J 006A LJ 028E W 0077 K 006B G 0067 NG 014B X 0078 GH 0263 GA 0270 GL 029F QT 0071 QD 0262 QN 0274 QQ 0280 QH 03C7 RH 0281 HH 0127 HG 0295 GT 0294 H 0068 WJ 0265 PF 007003610066 TS 007403610073 CH 007403610283 JH 006403610292 JJ 006A0361006A DZ 00640361007A CC 007403610255 JC 006403610291 TSR 007403610282 WH 028D ESH 029C EZH 02A2 ET 02A1 SC 0255 ZC 0291 LT 027A SHX 0267 HZ 0266 PCK 0298 TCK 01C0 NCK 0021 CCK 01C2 LCK 01C1 BIM 0253 DIM 0257 QIM 029B GIM 0260 JIM 0284 S1 02C8 S2 02CC . 002E _| 007C _|| 2016 lng 02D0 hlg 02D1 xsh 02D8 _^ 203F _! 0001 _& 0002 _, 0003 _s 0004 _. 2198 _? 2197 T5 030B T4 0301 T3 0304 T2 0300 T1 030F T- 2193 T+ 2191 vls 030A vcd 032C bvd 0324 cvd 0330 asp 02B0 mrd 0339 lrd 031C adv 031F ret 0331 cen 0308 mcn 033D syl 0329 nsy 032F rho 02DE lla 033C lab 02B7 pal 02B2 vel 02E0 phr 02E4 vph 0334 rai 031D low 031E atr 0318 rtr 0319 den 032A api 033A lam 033B nas 0303 nsr 207F lar 02E1 nar 031A ejc 02BC + 0361 bva 02B1 G2 0261 rte 0320 vsl 0325 NCK3 0297 NCK2 01C3 LCK2 0296 TCK2 0287 JC2 02A5 CC2 02A8 LG 026B DZ2 02A3 TS2 02A6 JH2 02A4 CH2 02A7 SHC 0286 rhz 02B4 QOM 02A0 xst 0306 T= 2192 ERR 025D AXR 025A ZHJ 0293" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = a0315e4419ffda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com.bi\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "77" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "409" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5c6001e6e6feda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com.bi\Total = "111" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 1 0008 2 0009 a 000a e 000b i 000c o 000d u 000e t 000f d 0010 p 0011 b 0012 k 0013 g 0014 ch 0015 jj 0016 f 0017 s 0018 x 0019 m 001a n 001b nj 001c l 001d ll 001e r 001f rr 0020 j 0021 w 0022 th 0023" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "L1033" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9f09def9e6feda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "11.0.2016.0129" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaV = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com.bi/users/5445740091/profile"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-09-04 16:23
Reported
2024-09-04 16:26
Platform
win10v2004-20240802-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650446f8,0x7ff865044708,0x7ff865044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,5596447585276041628,478193787177915785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2656 /prefetch:2
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-09-04 16:23
Reported
2024-09-04 16:26
Platform
win11-20240802-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.bi/users/5445740091/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a2eb3cb8,0x7ff9a2eb3cc8,0x7ff9a2eb3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,8731163889099127520,5526869934564503243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4992 /prefetch:2
Network
Files
| SHA1 | 5cf2038fa3881089a8ec3d8b6fc8e9365e003546 |
| SHA256 | b8e31a6b10b28322f6b0d71fd764dafb8af9dcc623e433a57ca3eaf439124cef |
| SHA512 | ce858d5f04d49c2bdc4d6e8462b33d2937ff6200b61d5692d06d9c42f6a96ded2892cdd3b2929af16131ccd2cc3f3f7daa614f2dcd1898687cdf1765453e23dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 07a140aa58eaf77c388063ebf8612f88 |
| SHA1 | 694ee12a258a376fc8cc6eafd9bb174f540ad399 |
| SHA256 | 60664e28273d7e5d71cca53cee512bb43b3ded64fb8649f7bd798862e7f9e2af |
| SHA512 | 4a7f181e8bd243fec00d5693bcd86eeec766dbb7a6e9f577044de1e64e95ac5de11f34b9b7ed6f461f820ff1b2a50863bc93876805f7b94023071719f37d6461 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ae51.TMP
| MD5 | 0794c944c8b41c1371ea4cf1b265964f |
| SHA1 | 26869d7f11b129d003305141d513f8fb20e385e2 |
| SHA256 | 3485c8b23b5b87796b9208555a68bc8da85e24decd8a4b54b6e900a1cad32ab7 |
| SHA512 | 6b0c99e936f5d292f6e693b329851c5050e94828ac101138c76ac5f4206255ebc7c6d5d79e56aa2dcea1b6e6d642c8ece051b55954a29d2a38e138d9d5a5165f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5a02f75e174abc7f833dee6307d5bf0d |
| SHA1 | 6197e9ffc2febb5c27b233afaaad496b37f0cce2 |
| SHA256 | 9b79be6dccc77ae6b9dfe4afade5ff7b87c4f31c373ac92900c06fbaa623c96f |
| SHA512 | 2d70402d7ea85b3a3412ed69fcf8d166c93a95391ff8d1ae2adaee64cf3cb25cc563c80634ddfb4bccbedf7dfa5f9844183dfa0a3f918557927c247cb85f6659 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a7d3cb330f538ff3897c4764ecf42b1b |
| SHA1 | f7087199f1b1982c9ec7aef0e00211f706d50295 |
| SHA256 | 8e121e7a4813127bb2f7639e48d16bd2a87051ded1a52c8aaae6ea4dde37ded3 |
| SHA512 | 50131bb84c4f3975284d0976225b8bd453607046fe4c7dbd1f1e7fb9ca7bf7d5c5bf68eb36510164cde1b90da20ffad6d05ac291c67161655bb14a651c080e41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2980604b78b18d09e1f29769ed7e35a9 |
| SHA1 | eb1c41863ff48dec8036d162c0a9e2f88d3e57e9 |
| SHA256 | e93901cf297a18a73b6f5fbd659178662889e684500fec8ad0059c020aa628c7 |
| SHA512 | 8d7e628d5c3cc855f6afaf63a69c38b3481276641172a7a85e6aa118ae2e63e1b17419a4c29419eab9c462268fdd8b0beb12d952c8b05c9d42f36bd9053df7ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d51957f94f713afefe81cfc43ed5120f |
| SHA1 | ebf58f56814aa225d1ebbd49a718680ab04cd485 |
| SHA256 | d017215453c4915c0c037ad0546e642e1ba15f4a5348b1f3f93b33aea8e0e1f3 |
| SHA512 | 57d74d857f8f69cd4123b4e3c43cffebc994e33d8d9a2a964ce712b84ee10f68b049ac3e43f29a9378d4f441c975b0d3d3949ca1afbec45f98fe11b51684d769 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-09-04 16:23
Reported
2024-09-04 16:25
Platform
macos-20240711.1-en
Max time kernel
78s
Max time network
82s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.roblox.com.bi/users/5445740091/profile]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://www.roblox.com.bi/users/5445740091/profile]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=… --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=29]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=39]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=277525858 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=59]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=277582590 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=59]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=280870753 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=73]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=281428069 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=73]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=281793514 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=74]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=282425250 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=74]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=82]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=97]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=106]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=19]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=295953749 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=117]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=123]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=27 --launch-time-ticks=352378882 --shared-files --field-trial-handle=1718379636,r,9505799258415477982,15853057580974381565,131072 --seatbelt-client=119]
Network
| Country | Destination | Domain | Proto |
| GB | 17.253.77.202:80 | N/A | tcp |
| GB | 184.85.51.234:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com.bi | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 19-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 45-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 40.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 216.58.212.202:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | N/A | tcp |
| GB | 2.18.109.84:443 | N/A | tcp |
| US | 8.8.8.8:53 | 38.courier-push-apple.com.akadns.net | udp |
| GB | 216.58.201.99:80 | www.gstatic.com | tcp |
| GB | 216.58.212.202:443 | optimizationguide-pa.googleapis.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.27:443 | N/A | tcp |
| GB | 88.221.134.27:443 | N/A | tcp |
| GB | 88.221.134.27:443 | N/A | tcp |
| GB | 88.221.134.27:443 | N/A | tcp |
| GB | 88.221.134.27:443 | N/A | tcp |
| NL | 18.239.50.59:443 | roblox-api.arkoselabs.com | tcp |
| GB | 88.221.134.25:443 | N/A | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.81:443 | N/A | tcp |
| GB | 2.18.190.81:443 | N/A | tcp |
| GB | 2.18.190.81:443 | N/A | tcp |
| GB | 2.18.190.81:443 | N/A | tcp |
| GB | 2.18.190.81:443 | N/A | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 18.239.50.59:443 | N/A | udp |
| NL | 128.116.21.4:443 | roblox.com | tcp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
| NL | 128.116.21.4:443 | N/A | tcp |
| US | 205.234.175.102:443 | N/A | tcp |
| GB | 88.221.134.57:443 | N/A | tcp |
| US | 205.234.175.102:443 | N/A | tcp |
| GB | 88.221.134.27:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 21-courier.push.apple.com | udp |
| GB | 216.58.201.98:443 | N/A | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 1.courier-push-apple.com.akadns.net | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 10-courier.push.apple.com | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 34.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 9.courier-push-apple.com.akadns.net | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:53 | 0-courier.push.apple.com | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
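The connection table above repeats the same destination many times, and several rows carry no hostname at all (the sandbox only saw the IP). The following is an added example, not part of the sandbox report, showing how an analyst might parse rows in this pipe-delimited form, count repeat connections per destination, collect the hostnames observed for each, and flag hostnames that embed a watched brand's registered domain as an inner label, which is what makes www.roblox.com.bi a lookalike of roblox.com. The sample rows are copied from the table; WATCHED_DOMAINS and the two-label registered-domain heuristic are assumptions of the example.

```python
"""Triage helper for a sandbox network-connection table.

Added example, not part of the original report. It accepts both row shapes seen
on the page: a full row (country | ip:port | host | proto) and a row with no
hostname, where the protocol has shifted into the third cell.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of rows copied from the report's table.
SAMPLE_ROWS = """\
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| NL | 18.239.50.59:443 | udp | |
| NL | 128.116.21.4:443 | roblox.com | tcp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
| NL | 128.116.21.4:443 | tcp | |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 21-courier.push.apple.com | udp |
| NL | 154.213.187.9:443 | www.roblox.com.bi | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
"""

PROTOCOLS = {"tcp", "udp"}

# Assumption of the example: registered domains the analyst wants to protect.
WATCHED_DOMAINS = {"roblox.com", "rbxcdn.com"}


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    host: str   # empty string when the sandbox recorded no hostname
    proto: str


def parse_row(line: str) -> Conn:
    """Parse one table row, tolerating a missing hostname cell."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"expected 4 cells, got {len(cells)}: {line!r}")
    country, dest, third, fourth = cells
    # No-hostname rows on the page look like "| ip:port | tcp | |": the
    # protocol sits in the third cell and the fourth is empty.
    if third.lower() in PROTOCOLS and not fourth:
        host, proto = "", third.lower()
    else:
        host, proto = third.lower(), fourth.lower()
    ip, _, port = dest.rpartition(":")
    return Conn(country, ip, int(port), host, proto)


def registered_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Assumption of the example: a real tool
    would consult the Public Suffix List, since e.g. com.bi is itself a suffix."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def lookalike_of(host: str):
    """Return the watched domain that `host` impersonates, or None.

    A hostname impersonates brand.tld when those labels appear as a consecutive
    run somewhere other than as its own registered domain, e.g.
    www.roblox.com.bi -> roblox.com. Subdomains of the genuine domain pass.
    """
    if not host:
        return None
    labels = host.lower().split(".")
    reg = registered_domain(host)
    for watched in sorted(WATCHED_DOMAINS):
        if reg == watched:
            continue  # the genuine domain or a legitimate subdomain of it
        w = watched.split(".")
        for i in range(len(labels) - len(w) + 1):
            if labels[i:i + len(w)] == w:
                return watched
    return None


def summarize(table_text: str) -> dict:
    """Aggregate a table: hit counts per (ip, port, proto), hostnames seen for
    each destination, and any lookalike hostnames with the brand they mimic."""
    conns = [parse_row(l) for l in table_text.splitlines() if l.strip()]
    hits = Counter((c.ip, c.port, c.proto) for c in conns)
    names = defaultdict(set)
    for c in conns:
        if c.host:
            names[(c.ip, c.port, c.proto)].add(c.host)
    lookalikes = {c.host: lookalike_of(c.host) for c in conns if lookalike_of(c.host)}
    return {"hits": hits, "names": dict(names), "lookalikes": lookalikes}


if __name__ == "__main__":
    report = summarize(SAMPLE_ROWS)
    for dest, n in report["hits"].most_common():
        print(f"{n:3d}x {dest[0]}:{dest[1]}/{dest[2]}  {sorted(report['names'].get(dest, []))}")
    for host, brand in report["lookalikes"].items():
        print(f"LOOKALIKE {host} -> impersonates {brand}")
```

Rows that have already been normalised to `| ip:port | | proto |` parse the same way, so the helper can be run over either rendering of the table. The label-run check deliberately ignores hyphenated variants such as `roblox-login.example`; extending it to edit-distance matching on the brand label is the usual next step.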
Files
/tmp/com.google.Keystone/.keystone_system_install_lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 2bada39835a5dac02f9c52f49fdee151 |
| SHA1 | f37bcafd5a0e6cb14734b74af34f92f12a61badf |
| SHA256 | b8b93617520d2c685675880ff128a354cae66daf13a35fcc6509bad805f65a20 |
| SHA512 | a7288c03a92d44145a3ba3435ac73c0792cd113c57a8d437260f9c5756ecfb1c4da6123058da7434b52ea823f34cc3766d5184fefad8f4a73243263a07fbead1 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 7a010de07c728d15f26df8e0cd7e777c |
| SHA1 | 76dbb00f966f18de03d9f4fceb536f9f47a2dbb8 |
| SHA256 | b3148c12729524e7cb2076d747726899703b981d5237f1488e8875eba3b30b64 |
| SHA512 | 117f37bdc9675b7e8b1c95f9e0a870c641e4e4da03c7d877e6693f1e6475b3187319a71f4513ec3bbfdb3631b3af159a9243102bf02c344f3549f43cc776ef01 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 7bef5aa40a74ec99b9bd54f3c2edf22a |
| SHA1 | d81719ed9b08c3efab3b46e8f1c1c81176c3eb14 |
| SHA256 | 1576f6751f40a10b51e97a8914d3abb264277c4728e1119f39f29d47c827213a |
| SHA512 | 47bfd852fa83b636bda82f368e4b1d4d010b5776f8748681f8ad3bdc7d41fdaaac56b192b961bc2596de67f735e16d678a43cef149a9c7f5287a9363cd7bbfeb |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | a8954646e44e3eb92bd0666de8250f0a |
| SHA1 | 5671093583247a79b5d68386ffd65944851be145 |
| SHA256 | e955a1037fe03eb932eb4958f66e77cfd144aa6809be6655faab529d386853b9 |
| SHA512 | ebeeb4b3a442dfb6dd146c6ce32194384728a004263805cfee92f2784fd774ca585c15494d78dcde3c17512d253221d76d99eb40fff443ab2a91ad9d5eeb65b2 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 2273707f6cb11ca2928f936bb1287ca2 |
| SHA1 | 438464fd15dfe61bd7571e8f1c16d49140368796 |
| SHA256 | 72584d8de585fdaed826435d9d5bdabf49baeda9686dde27d0769354f0e13376 |
| SHA512 | e16e3d12aa6c327a586fff2983cd63d27779b1df210b7b0dd9ee2980513e7ad50657964eb9d1334eb14f2f91fd6def6a50968f9a2c506d44a5a4877ac287206b |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | ccda82cbb476863496e5b168acc3b0b1 |
| SHA1 | 1c94c9c22bb4c1e3e6d391adf335dd32e44123d4 |
| SHA256 | 0bd0c2b853bbd8e2398db6f0344414d649aabd7e9f30ae631f3bf66458e6f133 |
| SHA512 | 6cf91a848ead8721492c15583c82d0e84dd45aaa5b0b467be2cb79cf687212db3d32df8b52834ece6642b3b5f769f622e871a41ef3d207646c307de323e4af00 |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.LrQ3Y4
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir7W3bnN/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir7W3bnN/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/4b237a2d-a67b-43d6-b0c5-debb752ec07c
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/27a28844-9484-47c3-83ca-34c06196636b/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.dAFOlp/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.51.0_all_acbqatjjvjcpzcwzr7qehoq4wf4q.crx3
| MD5 | 5aacc7e6ba04a3b57fdc03a5d4aabbec |
| SHA1 | 63aabd9cf4acaa53ff4f09e23749b42ceb38ca12 |
| SHA256 | 3651711652892acf34795b2c7e4d401ed2274c20e952f65cf52deeeef5bbf9b5 |
| SHA512 | dbbc38684e1df655f2dc0666f82815e97917feb22da1ddf6da3acc1bf6ab15d54ee3986a01bb305f668e961a0ecf3688357411f1494ea8c3fb721293f0951adb |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.51.0/Filtering Rules
| MD5 | b23dd5b6eccb460003ea37ba0f5e3730 |
| SHA1 | fd444553cb7699f84ce7e5664232771673dcf67d |
| SHA256 | 7f7f432c27d97dee184dcd3ea20f731674c008be849c0136f9c5358e359f3ea9 |
| SHA512 | 7e47bd172c4bd4c65f063a8fa3fb33ed47f29156eb20e42d4e8ea73c6f02526a30ffe907be5b7c1406d4eaa71fbec7c0d557c376dccd0a1a961e2f61b3431181 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.51.0/Ruleset Data
| MD5 | f01cc430de3d42c5c2cf54e3b1605bc4 |
| SHA1 | ea829f968972f5bd85b50df322a7c0c410d931e8 |
| SHA256 | 5dd0664f2a550f5ecc3a59a3e986f7c3f4a9a5179d93e8fea9ce7a3e5200f00b |
| SHA512 | 6f60d5139b6785f8957e259dd57d90370fb0b9bf7cf0d144156860ac47331086e68468fbcd094d8dca5f145be28db35ccb162aad3a0257ff3e33a72b85cde890 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.d2tts9/hfnkpimlhhgieaddgfemjhofmfblmnib_9087_all_gf2jc6o7v3d3fdjcfdi7i5urwq.crx3
| MD5 | 535a8bb3af115dff5cf71b3f16d83672 |
| SHA1 | 10ca8c702aca3b6eef664720e2e4f352882d1c8e |
| SHA256 | 213d46c11606fff69165b59de405dac2a4201ab535e383027f9a623724a22107 |
| SHA512 | fb875027ea76780958235039cc3f87b1988bc804d57a656dcd23585cc46e7d5074033c31499bcd3e65c400bd2bfba901ecbdab4f74e150bfedcca7b9d8d9e3e5 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.5h8qMj/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 72326a22c279498851ae0331f64c001d |
| SHA1 | ed2e9811491e6dcb047cdc5ff8c20f75091c1f99 |
| SHA256 | 2638e3c2d1fa1d417bfdc31dd21bc938f106d3b436a6488b41b014ca9e2b7541 |
| SHA512 | c5aa42964046f225db517a0d90ea73fb5503aa090ce54911df4519938d44cec0fe9ae55d0fb71d50124e11c77e212a7a766889ad775305beb6f8701663f4bcf8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ZoTidD/lmelglejhemejginpboagddgdfbepgmp_463_all_ZZ_j2yapcm2iwsjsw3vspibzp4cee.crx3
| MD5 | b2dafe25aea793b54de2becceb187c6d |
| SHA1 | c161e609d50f79ac43b26bc3ac501c06ee1f98b7 |
| SHA256 | e063c32d4a54071d6da859af231054da97b092113b2ba9fa61ef88bc5714c71a |
| SHA512 | 9e0f302be1762e886cc3891933276269905dd539b706bfc4a77bf97251409d3c1496495936531ad6c37f4309fa5f7e68c93fe973ad5fa8b82a3b60eac7f88305 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3wT8n2/efniojlnjndmcbiieegkicadnoecjjef_1062_all_adeocrbltt6ccaniukpklryf3ibq.crx3
| MD5 | 58177ccd3bf9e82220c0d4677e677171 |
| SHA1 | d5d2a3cd1576b65db1984f196654252352b76223 |
| SHA256 | 22da50bca40ebd9dcf90d85dbf17a7eedfde0229b0a64e30ee55fbd960a3e47d |
| SHA512 | 4ada72196a0aee1d67523008fb1c9a8726c17a79f6df6b721c449389090f679cd1e33545a478998268ff51a0d0096ce5073151523c76fa4b9c32ce728ed73851 |