Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com/de/games/6165420832/Ragdoll-Engine was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Disables RegEdit via registry modification
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 16:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 16:28
Reported
2024-10-20 16:30
Platform
win10v2004-20241007-en
Max time kernel
101s
Max time network
102s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File opened for modification | C:\Users\Public\Desktop\desktop.ini | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png" | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
| File created | C:\Windows\winnt32.exe | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "218" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/de/games/6165420832/Ragdoll-Engine
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd875a46f8,0x7ffd875a4708,0x7ffd875a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5988 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,12897036636344955247,16555256742355773965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoEscape.exe.zip\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3914055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | static.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | static.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| GB | 2.19.117.32:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 4.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.83.2:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | 78.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.94.239.18.in-addr.arpa | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | games.roblox.com | udp |
| US | 8.8.8.8:53 | voice.roblox.com | udp |
| US | 8.8.8.8:53 | badges.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| US | 8.8.8.8:53 | lms.roblox.com | udp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 2.19.117.27:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | thumbnails.roblox.com | udp |
| US | 8.8.8.8:53 | fra4-128-116-44-3.roblox.com | udp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | cdg1-128-116-122-3.roblox.com | udp |
| US | 8.8.8.8:53 | lhr2-128-116-119-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| DE | 128.116.44.3:443 | fra4-128-116-44-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| GB | 128.116.119.3:443 | lhr2-128-116-119-3.roblox.com | tcp |
| US | 8.8.8.8:53 | sin2-128-116-97-3.roblox.com | udp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 8.8.8.8:53 | c0aws.rbxcdn.com | udp |
| FR | 128.116.122.3:443 | cdg1-128-116-122-3.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| SG | 128.116.97.3:443 | sin2-128-116-97-3.roblox.com | tcp |
| NL | 108.156.60.42:443 | c0aws.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 27.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.44.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.60.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.116.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.97.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 92.123.128.140:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 140.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.140:443 | th.bing.com | tcp |
| GB | 92.123.128.144:443 | r.bing.com | tcp |
| GB | 92.123.128.144:443 | r.bing.com | tcp |
| GB | 92.123.128.140:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 144.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| IE | 20.190.159.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.110.199.185.in-addr.arpa | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e443ee4336fcf13c698b8ab5f3c173d0 |
| SHA1 | 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a |
| SHA256 | 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b |
| SHA512 | cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd |
\??\pipe\LOCAL\crashpad_2276_EVVDNQLHALZZEIKP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56a4f78e21616a6e19da57228569489b |
| SHA1 | 21bfabbfc294d5f2aa1da825c5590d760483bc76 |
| SHA256 | d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb |
| SHA512 | c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6f1acdb6134dd101181d32d8f92fa125 |
| SHA1 | 5104858b80244027918c87f7e2a33dd1857a79b8 |
| SHA256 | a1237919f53d73d363f18cd046aa574bc892a5f9a1938a0267fb712087920644 |
| SHA512 | ad2560545601d3b2dd78f1f31ede6c61f740f57b08a52a1ea3e4e903c8eb1d7479114aaf3b9bef451129e050f85e4038ab4a442ddf496a73249a170b8b852ca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9d2124292ccdcff6cf793c987e9b5bd6 |
| SHA1 | 59e738815827f6d984a88341b0612387d446817c |
| SHA256 | 12151f49dd94784115305973e3d58b6147549084d83ae9d340e7f45c2dadb61a |
| SHA512 | b068f4e8deb671d620ed3af77d5845c63c881ad300bc20fbcd9d9e32b8780ec5834f3e78d87b47688637c4de3c30c0a8164555f259d7dc4daa6cc5d16a0ae623 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 36477b41c2c902db16162e82ffec7396 |
| SHA1 | 30b12eda2a5138c45e908faffea086034a708c69 |
| SHA256 | a57b339af74a2425a964d96b7a16e5849b694e86a7e026e4c10f7647de279f8a |
| SHA512 | 3c2db76d57e8efce89531dcabb9212845e31cfc9c26dfb8813b05739c98f71cc4bf100596e1763c8b145d63b6920536bc8572694f3834381249cdc3f96845d3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca398d997bd145f9e50bf46623965373 |
| SHA1 | a32e51811995186725d24f2ccc80c4e942f449bf |
| SHA256 | f208bcd46b47c6db5272032ecb52359cf1ba3fbbc4ee0cc4e9c6de7b62bc3981 |
| SHA512 | 2bca1a5b8235f5c4cdfca858b0e493b90b5854201dd9249f1cf8c0a742db534315a1354e4da2d25cf88fe5edbc9113bf69c665b6629cabd0e76cfbcdc8390efa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de3a.TMP
| MD5 | 3bb4d80502599b251f061af95235e200 |
| SHA1 | f5293a1d39a2b34b56c2dcab5d815ac83a83929c |
| SHA256 | 94a407c41c87089c21b86d772b520ea115414ad4a88a10c0b63bc688379bcf83 |
| SHA512 | d60acc92851570c79e86030f49ea7dcf2c800873cec21012b281214c748ac5d8962701f4c6c9371ff94cc335c23dee96c50aa052972c1ca4ca8524c3bb39fd5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63716d8e4f3943541e0f2f4b92f83a52 |
| SHA1 | 66fd88f2e543502642db344188416caa68633b13 |
| SHA256 | d87dad70b97c0127412f57c762c8ae4a665feb1a2a1e823bad82e8b8d8c7400c |
| SHA512 | 6e857dab183e397a46c1337c1bd73d40b0a4bebf7065e5724b3c1df4629aa7275b8af39985d4b2d111d1530c6571b367da43674e53d8c7b74ea147b7d256a310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 33c008c8b6e4cb0c94933c88b2fb0d5d |
| SHA1 | 483feafd7f42b00f39391c1c3d8da2a504649479 |
| SHA256 | f0d9b2ccce8ffb25b3a5a8d873c828c5f205982f74a55f0c0d26bdd57dbb55fd |
| SHA512 | 6b4c7e657fa1b6c223f17972211334e2bf833920a315ac4ed67ae2abfd30fbbbecd9698eaff6dfea8abd179f05eac8d3f02a2245a92664511d8a1c35905c4713 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0b36f6d3938d21f5ce540adaf07cc9e7 |
| SHA1 | 163d512ad852e3c943efab25a5837c826fdf05e8 |
| SHA256 | 6d82de7ebdc7424fef4bea81f711fb514251477e2d48a0e4113eb0db87ef4172 |
| SHA512 | 8e93f4eaad6aaa92738567c6868f6316e14eef6b8afa506b9baff57419e7bed80f9eb57349620fca065667f0e04afb0dfe065b7eb8e1c3cbdd663e262409093c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f21db72fb53441dc7c846bbddcbe61b0 |
| SHA1 | 3aeea9fa30a0dafb732eb27f754e9bfa0ae95f98 |
| SHA256 | 2549a16c0bc827a03c6a5e5807745f91ec75ad307554c73d1c0fa8036c6c0e4f |
| SHA512 | 0b33646ddf02d9f6de694dcf60fab31690cd04647600eee840fa973724e8cfef91c6f1ef8aab6a36a872052fe8938d18cde4a2bff42e76053faff633869a2357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cda29ef2a9b4e1ce50fa0db57ea2d740 |
| SHA1 | 05067fb60be3c690fcf44577b78d88ed463b7710 |
| SHA256 | 766e1f45fd7e9a88965931b5e9b2f73ab2feabc185dbadcce330618227c44d60 |
| SHA512 | 39a1fba9652d5832f4b0450247e3e151cf5b5b27fd1ea865ba541eefa2ae2f5a58844d2c3faa845cd9c677fe001d1e5c82ddf42dfef1b5b12e61489003011809 |
C:\Users\Admin\Downloads\Unconfirmed 207440.crdownload
| MD5 | 660708319a500f1865fa9d2fadfa712d |
| SHA1 | b2ae3aef17095ab26410e0f1792a379a4a2966f8 |
| SHA256 | 542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c |
| SHA512 | 18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 86a33868f4674f7e143bdc011b1f921f |
| SHA1 | f26c17137e70d7d853636486234af070021ddf9d |
| SHA256 | 418f0838c1295cd2f9c251260d69279493d1193136f4c1551d57ed8d3ded92a3 |
| SHA512 | ebdad9e90e7413b3c1f0d19ecbd3f6ee5f256f14fb6e6710b7c40fe1c89b073c3a41cf57f3e0a0779425264de80e36930883b2fbf22dc9b87f7be57639987a84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dd00f7cfa6fba0d6f45c58a26900cb4a |
| SHA1 | d590517ae8d0879ca1983c7394e0fde2a44eca61 |
| SHA256 | 1c627307935e93802ab7a911130737464ef3afbc84a91cd07defd318e2655522 |
| SHA512 | 632c7c68f1b11a82646b29981b0c97c50063a4022ea73d065a3c907575718d0a57624f3987c03513b4078b2bb9bc5ddcc3b558281df4dc426a7d94acc492c427 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 16c9725d359362a7dce06a632d415700 |
| SHA1 | eb4ae3424fd491f7f3124f196fbe9220c5a496d1 |
| SHA256 | d38fadc80dd01efc38b15e7fb2a0b510131ae1c0cc94bbe72b372c8b22945e0b |
| SHA512 | c19607d8c820edcc268185e2f1910dd262a0293972cd00546fb45b7fdf152d3919078966ba19c78a89f57e83703f86a1057c6b7a995d3e891068a4b2f5f8a901 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c2b8163201c5b3b7351854b48158ad41 |
| SHA1 | bb17c752aaba004be79d4705a27bc40d58a54b7d |
| SHA256 | 450e7c66bb1a2a2172c9ee8b44b13a26c93ffad41f71c524f9af183885f8e428 |
| SHA512 | 74066c0627a3a7db3e7f1aea1b7bfc327d375b3ff81f9a261f75985fef06b99750b5e19da1458fb6c70a7741479deddeb76b26bdb9b42d537eb5080aa9c7b564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3c0acb102d9d030fa92afa573ae40bd0 |
| SHA1 | ed7096c68ae38fb6b03b0d250f9e64c146fc45e9 |
| SHA256 | 92c3e13ffd6f7dedc4879894a5e10cd899bc9864154ef3691e8b72409a327dd7 |
| SHA512 | 669cfffa26524c73ac317fe11833758f1441f76b365e3a935056edd80690ad6da1b4869cb9cf8d8e0b7ac2adec21f9e8ba1813fe03c22839aca7892e8606d56b |
memory/5552-593-0x0000000000400000-0x00000000005CC000-memory.dmp
C:\Users\Public\Desktop\⠉ᙏ༌Ⴔँ⺖੭גⶺ᎕⸰ᯎẞ
| MD5 | e49f0a8effa6380b4518a8064f6d240b |
| SHA1 | ba62ffe370e186b7f980922067ac68613521bd51 |
| SHA256 | 8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13 |
| SHA512 | de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4 |
memory/5552-769-0x0000000000400000-0x00000000005CC000-memory.dmp