Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.ml/users/8652821950/profile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-05 03:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-05 03:39
Reported
2024-09-05 03:40
Platform
win10v2004-20240802-en
Max time kernel
71s
Max time network
75s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com.ml/users/8652821950/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddaaa46f8,0x7ffddaaa4708,0x7ffddaaa4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3673888471139205889,14210627780765114268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.ml | udp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 88.221.134.25:443 | static.rbxcdn.com | tcp |
| GB | 143.204.68.18:443 | roblox-api.arkoselabs.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| GB | 18.245.253.89:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 23.192.213.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.253.245.18.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| GB | 88.221.134.11:443 | tr.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.81:443 | images.rbxcdn.com | tcp |
| GB | 88.221.135.219:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| NL | 128.116.21.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.74.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 226.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | syd1-128-116-51-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | roblox-poc.global.ssl.fastly.net | udp |
| US | 8.8.8.8:53 | iad4-128-116-102-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1b-lms.rbx.com | udp |
| US | 8.8.8.8:53 | aws-eu-central-1a-lms.rbx.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| FR | 216.58.215.33:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | c0ak.rbxcdn.com | udp |
| US | 8.8.8.8:53 | c0.rbxcdn.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 128.116.102.3:443 | iad4-128-116-102-3.roblox.com | tcp |
| US | 151.101.193.194:443 | roblox-poc.global.ssl.fastly.net | tcp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| DE | 3.121.8.12:443 | aws-eu-central-1a-lms.rbx.com | tcp |
| DE | 3.64.30.211:443 | aws-eu-central-1b-lms.rbx.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| GB | 88.221.135.203:443 | c0ak.rbxcdn.com | tcp |
| GB | 52.84.90.102:443 | c0.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| AU | 128.116.51.3:443 | syd1-128-116-51-3.roblox.com | tcp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.8.121.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.90.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.102.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.30.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| FR | 142.250.179.97:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.51.116.128.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| FR | 142.250.179.104:443 | ssl.google-analytics.com | tcp |
| US | 8.8.8.8:53 | cdns.gigya.com | udp |
| GB | 104.82.141.62:443 | cdns.gigya.com | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| US | 8.8.8.8:53 | 194.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.141.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | udp |
| NL | 128.116.21.4:443 | www.roblox.com | tcp |
| JP | 142.250.198.3:443 | csi.gstatic.com | tcp |
| JP | 142.250.198.3:443 | csi.gstatic.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.198.250.142.in-addr.arpa | udp |
| JP | 142.250.198.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| FR | 154.213.192.23:443 | www.roblox.com.ml | tcp |
| NL | 128.116.21.4:443 | www.roblox.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| JP | 142.250.198.3:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 88.221.135.98:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 98.135.221.88.in-addr.arpa | udp |
| NL | 52.111.243.31:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_1360_HMTYYOUWMUTONPLI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d24994111586cc8cc046350a32cfab2 |
| SHA1 | a55e1110ff92dd74683c4a7720afd1847a0afafd |
| SHA256 | 970deeb6df49e30e025df4b82c573e57994a703e34bf11163c94d6edb011084d |
| SHA512 | 716fa2b428fabfe12e67512d8b01d1fba7ae641d165e5bd9e7c39b0c8757c1a1fe78b81c0c16c8a1c99e74c33874d0a93a63520fec6b921ec1838ea044f586d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 588ee33c26fe83cb97ca65e3c66b2e87 |
| SHA1 | 842429b803132c3e7827af42fe4dc7a66e736b37 |
| SHA256 | bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760 |
| SHA512 | 6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4def58d3a88969307ad80cb63fc59d31 |
| SHA1 | f1e7b4b82a79975e32792e6c3ec16124ca7fa94d |
| SHA256 | 2847a42244d538d1c55b65ee6ec32e2800c3fb52c6469943768077f9bf41c249 |
| SHA512 | 7271499b6efa7a6a6fe8363e4a04470c32f4d07787ba49654f3036080b5e5257aa049e9df561cbfc4739ee955f7978f2522c47532d9941f7a080a7933eab6c9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52eae065f209f0ba125cccefffe47d8a |
| SHA1 | 51d41c367c0ba1a85b8891f901ba0b9393964ba7 |
| SHA256 | a75bf2b7ed264de389a46653cbe85d962f7caa105212e9154472ebd832d670fe |
| SHA512 | 8bbc720fdd8e2a287f1be74074a169e02e7a74c81204ebfc5c50fc178cfb6abbedc757d1cab879aff135a4ee37f63924cee1df97462138a0792d3760e4edfbf9 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 10a8c139eee7727e633f62451783d7ec |
| SHA1 | 28418ed12379c06604204d34c756c10c0f108f5d |
| SHA256 | 6f64fb575435c2c6bdcbb34b656967f534a4b1214021bef1cb8a97ae26c79c3c |
| SHA512 | 21afe4760aa24378ed497f04f2d2eadae3816b02883f6b60a13c04f227f0957a40102d5e2f529f50af845998523000540c21b352dc443f63df57cd1030eace50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5811dd.TMP
| MD5 | 83d0e3ba840a2450d19ac8204b1b4105 |
| SHA1 | c0b4b65e2b245ef510183eef55a3065cea5e9bdd |
| SHA256 | 4a6aa99e4eab2a8a18fc79de38d432b0037f1c9675676d9e1e4741d5ecfc99a5 |
| SHA512 | ca11f00e6ac4ddf5e9413f5d590e3e7de5cffd29e8104a4797b47c29aa46f0d6c1c3096c3a1fb5eabf654dd0955f9c98f13d7a17349ab09714e823e093dd1a51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 28c2d13cca4db806476c36d5d3ee3651 |
| SHA1 | efe3bd1e9efe1f58f1bbbfa215be03179f839985 |
| SHA256 | 739ddc4264a53cf838dcdda95bf9edb621b84d2169c86e0f9c0ccfb2b3aee657 |
| SHA512 | ac0fb95757efdf39dfbfe87990d9398b758d2a0481077c87aa93bb5c0730b171fcee6f956670860e5314d23adb257867819e3a0ddbf468b75677ae817481a53a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7908c85dae7cdae1889103d4db97cd7f |
| SHA1 | 35e6a69546d15d3bd03b0a0a74566903ed8314e5 |
| SHA256 | 34a6c6cfbb3ff235c889c2fe2a9ef7c63c7fa339c8837e124c1b183f7b8dc84b |
| SHA512 | f1f8b6b017e5e891a7ffe12013a46a11a11be483dc22bad4ac9a81ba7480bc87d41a179bca3ac4453e7bf8728cd6ef288697523d1f44594f0cc354b18277d1c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8571cf17b2ed759afe58726363e9d338 |
| SHA1 | 07ec0bd875d183d8e604c77823aed9f96968c744 |
| SHA256 | d2465845a2d4a08a7cb255142a706b84ef9ec273b348d1c8b6384488eb5839af |
| SHA512 | d205e885db75223f387b3d50cabd2de632128f35d3d87c7068b9b82c0d2bfb7339d3a37a5d6daa95d94dcb959ee551cff79a46edb794c7d98c718348fee7831f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 233c418bd30d8ebee65f6566e230997b |
| SHA1 | fd387c997495f072d8754b270247a06039b1d67d |
| SHA256 | ef55c4cecf532b222cc60272321eafe99eb543f44f734a96a2915660503f9551 |
| SHA512 | c16ce8c53c64a282ec3240a9aa4abc352b09a3e6317d85744953dc8d21ef53dfa4c35a5e71514f5c6bfd8f105ef901ad69eb3d840b424f211c1da0fd835b7070 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | 2e52bee929ab7d56b2622ae84962e0dd |
| SHA1 | 7fd648bb1fb1f069578e992972d7f22ef1bfb36b |
| SHA256 | 58a0ed06b38f7886418d565ea4cdb15345b40a1d29e635e167870f45fe14ed4b |
| SHA512 | c53ceaa60c9591ad0e61e82ebc1b5c6dd46a7b4a1b7ac303aeced0f4a0611e4af2b7a5e1febda5fb10041d0a9c76202ed05bc3e344bb6ac6cc35529e127e9d8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4e395642540116b1d78918eb7dbcb0d |
| SHA1 | 33abf29695f853fb7007b6461cfa6152d0064b8e |
| SHA256 | 422cfae1175bc17a7d12937246f3bc12a1f35c24ec4d28906e57b2f3d5b3b0e3 |
| SHA512 | dcec61e220803756392c367d9e7e7124f5bee9750eb9500aea71bcf4f14828bbeff3de143be146510243c15518ed2056243d6696c78163306c150b19b3553898 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bbff4085ae07caae1fb4e7c9c8147be0 |
| SHA1 | 18bedb76ffc79c7a83007df0f67ad9ed6b697968 |
| SHA256 | d88b07215921e7a4147decefab42f3984d0b39761cfacbd1f95278f714dace02 |
| SHA512 | 3735ab37f89f704f70a0c281847c951a42f28659bdc855b465959a1ec6f83bd5db30a72ed68554b5ad31ea894f310371aee18936f7fb928a79e8c2e69bd42ffe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e70a0c1c-4c34-4c91-9dcb-5e9eb905aa74.tmp
| MD5 | a7a6aaed48a7613c55daa67a2523abc5 |
| SHA1 | 7062edaf3e06a23a5d81cc39d7302c5b88d3c090 |
| SHA256 | a97ce15659f2234cc2c25c88ec60100ac6606e5ddaf5d808b07e1762d9432dbe |
| SHA512 | 290b379901183267bbd0d9a24dd69abeb724c8cd997249e966d109a0c6cb872029363982426c1177675ad896aae6c974fcdf7b3e82b6e81162e10b220874d8b0 |