Analysis Overview
Threat Level: Known bad
The file https://shrt.lat/AEucq was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-22 07:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-22 07:11
Reported
2024-12-22 07:14
Platform
win10v2004-20241007-en
Max time kernel
171s
Max time network
203s
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shrt.lat/AEucq
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,9632907359637659369,10386612825924330083,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4988 /prefetch:8
Network
Files