Analysis Overview
Threat Level: Known bad
The file https://www.roblox.com.tg/users/7590109699/profile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-06 20:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-06 20:18
Reported
2024-12-06 20:21
Platform
win10v2004-20241007-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{DD3F47FA-7124-44D9-876A-7E5E6E3D1B19} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.com.tg/users/7590109699/profile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2877028582745316086,15583033259726340424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.tg | udp |
| RU | 45.10.243.43:443 | www.roblox.com.tg | tcp |
| US | 8.8.8.8:53 | 43.243.10.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.50.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| FR | 104.123.50.160:443 | static.rbxcdn.com | tcp |
| FR | 104.123.50.160:443 | static.rbxcdn.com | tcp |
| FR | 18.155.129.88:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| FR | 104.123.50.154:443 | css.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| FR | 104.123.50.170:443 | images.rbxcdn.com | tcp |
| FR | 104.123.50.170:443 | images.rbxcdn.com | tcp |
| FR | 104.123.50.170:443 | images.rbxcdn.com | tcp |
| FR | 104.123.50.170:443 | images.rbxcdn.com | tcp |
| FR | 95.101.134.139:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 102.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.50.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.50.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.50.123.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.134.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | fra2-128-116-123-3.roblox.com | udp |
| US | 8.8.8.8:53 | mia2-128-116-127-3.roblox.com | udp |
| US | 8.8.8.8:53 | lax2-128-116-116-3.roblox.com | udp |
| US | 8.8.8.8:53 | pulsar.roblox.com | udp |
| DE | 128.116.123.3:443 | fra2-128-116-123-3.roblox.com | tcp |
| US | 8.8.8.8:53 | mia4-128-116-45-3.roblox.com | udp |
| US | 8.8.8.8:53 | bom1-128-116-104-4.roblox.com | udp |
| US | 8.8.8.8:53 | nrt1-128-116-120-3.roblox.com | udp |
| US | 128.116.127.3:443 | mia2-128-116-127-3.roblox.com | tcp |
| US | 8.8.8.8:53 | dfw2-128-116-95-3.roblox.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lga2-128-116-32-3.roblox.com | udp |
| US | 128.116.116.3:443 | lax2-128-116-116-3.roblox.com | tcp |
| US | 8.8.8.8:53 | ams2-128-116-21-3.roblox.com | udp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| US | 128.116.45.3:443 | mia4-128-116-45-3.roblox.com | tcp |
| IN | 128.116.104.4:443 | bom1-128-116-104-4.roblox.com | tcp |
| NL | 128.116.21.3:443 | ams2-128-116-21-3.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 128.116.32.3:443 | lga2-128-116-32-3.roblox.com | tcp |
| US | 128.116.95.3:443 | dfw2-128-116-95-3.roblox.com | tcp |
| US | 128.116.121.3:443 | pulsar.roblox.com | tcp |
| JP | 128.116.120.3:443 | nrt1-128-116-120-3.roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 3.123.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.21.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.127.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.32.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.45.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.104.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.95.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.120.116.128.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.134.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.tg | udp |
| US | 8.8.8.8:53 | arkoselabs.roblox.com | udp |
| FR | 18.245.175.6:443 | arkoselabs.roblox.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.59:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 6.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com.tg | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| FR | 3.162.38.58:443 | static.rbxcdn.com | tcp |
| FR | 52.222.201.13:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | 13.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| FR | 99.86.91.104:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 104.91.86.99.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 824b31785955855c656bf2a7f4571c0e |
| SHA1 | 82d1dabe730c600023f1f445d3b13c9db4646912 |
| SHA256 | 21652327c7c594a4f756fe41c6c4966c6b965493ac8d3bf5eea6c4b5f399d587 |
| SHA512 | 4692a08d1cfb229c18f2714bbdb5c44c2fcc21b4e435d229d8b858766aa2910f65c42497df1646c4df37863ffd3f2b4af2dc338baa9d293a82a5848ed62fff88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fda843842b6a6ca03e2c9f9781cc72ec |
| SHA1 | bb73667f980590516e607005509c706547e3c3c0 |
| SHA256 | b6d937e6e8f6152bb0d5059c5646e99a1f08c0d4da21affd0f88d1a50901d9df |
| SHA512 | f5433bdb83c9cc13bdc5274fbeba7fa7e9b216f3aaad55e2d90e97cea986e70da9abc2f828494458197c6a5be1ef3adfe4d6f8d309546a77e403e28b30dfabe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 47eb29323f9111f29e27582da6fb1146 |
| SHA1 | 27d8137d67325bc3710adc3498b019784f53681b |
| SHA256 | c9f22d4ed9a37c4406481b9defb3be126971badf4365f8c0b1b932aa03ac0e97 |
| SHA512 | 48910511f5cfc74c3892ad741604331a68cd6de8102b25eb39b8260a1bdc276d6f228b0731c95ba1fd7e4fd42be190c2271a766b2aad7890f19cd96aa435126b |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | b0aec07eb8422cb5a9e1c1b63e816b2c |
| SHA1 | 588093779773f67fac140945ce9dea75578490ac |
| SHA256 | fd20af9f6a2e739d54e3dfba72d43e69b5fc74599c82d91364972a54cbd8dcea |
| SHA512 | 99905bb74926d92a3f2bd90af04c3e34c7887381149d3732bf1e9f1588f00ed68a12646c8f9483b79f4a25606a62dcb08a2270fe59c613159f17b7664b5292f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d7a3.TMP
| MD5 | af03f150304c4d3ed01c0d77c4102728 |
| SHA1 | 2d1f4ece7d30b715464aeafa55c090d034b845cb |
| SHA256 | 672dd1ebb762c9cf631927f06c5669cb1300ac6fd7264a0e7c5abd8b904cb75b |
| SHA512 | 6ced6e21c51bd2e0c660c96cb84f7b04384b9a30f1c91feed991fd2469ff40ca589b651e76bdd928b0f7d4c6ff28cd951fedb818195d2c001f7777491996188c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 87ae46c084bc9f03fa407cd28839b3b8 |
| SHA1 | cb6b15744470951ea580b4bee18a40202c2c4f95 |
| SHA256 | efe8b803c98601ca45d9997f84fe2560a1de717fc7b22d6439c36166fbbc9472 |
| SHA512 | 8bcfbc6c45f1c7c2c548a93b288e5f914e16f101f42a104c3455baeeaaae1bf875649ffa3130f2aa3c76cd8224192c8604def5d85cee4b424399d5431a5a9f1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbe9.TMP
| MD5 | f3a04dafd70fa80b25486b75a59024ec |
| SHA1 | 3cfb038f34fba9d189216abec4c057986cb08a33 |
| SHA256 | d0e7c38c1197cbf96353906601ba1d12f1771357dd4eae2b9937edf0e166f58b |
| SHA512 | b1f852cb22ad919bb443b5b091416d1e366e8496e0290e61c45e59c6bb4cfe4d557376ec48111a3eb8838454e6d8f6f8c9c8044104d6c529ec54269862eadf8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ed7f2bbc64301db5aed7ebd19a3c87d |
| SHA1 | e98805f1037adac888567d835132f6a0c8518c1f |
| SHA256 | b332eee980f7e030f5a99fe13cfba17e1aae9c4325a0918b4f8566c85f97872c |
| SHA512 | a883b0ada868a05caa7bfd648f0a4048455d9a7a2e8f5621b083a2ff9542e7d12e0d95ea5b345ca01ef1a3fb71c183b64d63fd8a29ac18da0074a447aaf1a4cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ecddc014b5d081264b63ca9778ccff19 |
| SHA1 | a75ad69e1b52d9c575ae4c3a60377cee10771d77 |
| SHA256 | 095b754b49ed1050d40a8390f39adf9e1ed7322100f76494f4c570c93db78f2a |
| SHA512 | 0641791a73c02aa849b9398545ee3a9c9deb87c670323547cd38dfed5d08c11690f324d43d9c20dce4d35d1eeb13f812b38a2541cd5639d1c4b92963738b6121 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2c3f8d3150d1451d7899bc3db1b3e0d3 |
| SHA1 | 46bf01d543bc426885285f8eef8b7271a039707c |
| SHA256 | 11d8d1bb505121dd492d3d49609b7ff19f02dad8f2ac39021e8161e2052f7113 |
| SHA512 | 4e6ab4f0c69b1fbba3888f2f9fd7cd1f50adeb347cd51af9533ece934e6ae06ce21d5b5163d84f399f00ac402ebb5bbe834d98af07c0e98f165801b8447ae9a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com.tg_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9f99f35efa2d392fc7b78272a1fb2598 |
| SHA1 | 7ec0766f5311ea556560ecda4b50a718cc105ecd |
| SHA256 | f80b322d2696e132993179a73a808eb21f4046c297d030754ee937994eb04056 |
| SHA512 | eec245474ce17c6b4a7c5186f29685b0cce79e9660db64575b191b8ddafab1cde115105e50c552b3937e808b169cdaf8593b1b48814cec29e95f304a17707ee0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6f10275474c232d1d217502d1eac27ae |
| SHA1 | 5b7cc365f5fcf93a8fa221f32efd44ad1b07f6bb |
| SHA256 | 197e11695f4881f8521a180e94233955a894cb3d3b43d36f46a3018d8159346f |
| SHA512 | 51d8225070a6d97d3a21a8f423708cacf92a842e7405dd5c05b95c262ebaec933feafa7435380796de0bc66d5350465fa834adcae0945a348b2f02ede8136d7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e057a02f48cc6b3322d6ef953ce96230 |
| SHA1 | 475edadb060498f42eb600a36b401f4a6c1d4c8e |
| SHA256 | ba1c6c18206be2c525eb60ca1f3ff161731cd6c9232fdfefc274aa72b00901ec |
| SHA512 | 94ca0037899aaeb7cec0978338ea1e946804b05b06289426229fc85bdafb2945a5f0270af06c242ef82d921e5aafd8026d933b0469e7839ce44404ed95a7309c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 25a9901fa800b1aae3baa3b8da5dd483 |
| SHA1 | 1b5ab26e1cefe65975f31608b648bfaf84222425 |
| SHA256 | 565c7f7a4e9d2ed8a51c1bd0c7152a439eda99c42172d6aa50d45c3fbaf2fb66 |
| SHA512 | d166cdc1f920db1021d619d40b099c8e3c611b548f9c52cf5242c4c4596eb828273eae9abdadae4af5dd69566fc8d464f23b723bc4da23632e61de386b87f335 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7e5200d0c2ae6dab1b63b8d5df95c1af |
| SHA1 | 27ee580c2dfb00bc558725eceb8c1d7877740c04 |
| SHA256 | fbe7367ed9e31d0c666f7958fcc80c775cac624300271de1b38df4c1a36a053c |
| SHA512 | aafe761ade9587a0f4976e6821af9757f38da03c2d19d2fb6e77707441a40cc91d6cdf4590dfee42a7c7b950deacd1241e95644cae32f6cbf3c28203a29efccd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7930ff61781a4dadf11bbdb8cf6d9df1 |
| SHA1 | 5563adffd7666f5b78fb21559c905b38f2ec38f9 |
| SHA256 | 72b6e9455771904dceba3ded47378c6901da5bf19f2a75132d424877bfe85a33 |
| SHA512 | 957b65fdd7929ef0d8de5b5a25966ae94241ace6724bc4577132b1ddcbd3e844f2b74bd6c69d10b58b7df9f2a44722ec83c37a3030264f1868fd4b3bdf6ab10c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f9d9fd887b104b284357395c7e5d55dd |
| SHA1 | 7c0ea836591ce8f5fbc7254b901f8ad093e2c798 |
| SHA256 | b8862718d04d14229b530d46595c865178767fd8ffa1fd73f4748bb8671b2c32 |
| SHA512 | 0d5f94ccce842b11c7528492483924069491e792482f31419f7af1d9a76c9e8d936dfa569cae586cf0dfa514dea912f86db701be5709c925299b78d681ff28a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 51755de5beadbabf4fdc105e22cd55a3 |
| SHA1 | 11518ee16c58595b89451ad1a4d854b4152b24ff |
| SHA256 | 37f68c73f970fbf9b073e57d4d6786712e20e4a196e9f07f2f53861650d907fe |
| SHA512 | f88133f2e15108f579d53ff5d1ddd6e813e53bc1d095f394596f010a7df82112df3d70b2d38316ec2c512d7b55afde75b4616c7de05ba605d1875f3012fd4b00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | e943e740596524a471b8e5b91f053d83 |
| SHA1 | 173871bc59385fed712632f110ab3b2644f564b5 |
| SHA256 | 6616a658cb763ca6abd69b866eb18bebef93e6cd6299d64b5a185db0fa6fe147 |
| SHA512 | c2a9e23a46d879bd1e3d4b13c74cf778f1c90aac3fc3fce8875280a73b57f200a861ae00c19f8d1b149ed4b1afedb9b5d71b6d7af795bd774807bc956fa844ba |