Malware Analysis Report

2025-01-18 22:59

Sample ID 241224-mkn8eavmgz
Target https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584
Tags
discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584 was found to be: Known bad.

Malicious Activity Summary

discovery

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-24 10:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-24 10:31

Reported

2024-12-24 10:34

Platform

win10v2004-20241007-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2992 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 2908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 3472 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2992 wrote to memory of 4532 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roflox.com/games/920587237/WINTER-Adopt-Me?privateServerLinkCode=864641066758228758180611311584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a0946f8,0x7ffa3a094708,0x7ffa3a094718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4124118125939643813,8862376513022554642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.roflox.com udp
DE 5.252.33.158:443 www.roflox.com tcp
DE 5.252.33.158:443 www.roflox.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 inju.cc udp
US 8.8.8.8:53 js.rbxcdn.com udp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
GB 88.221.135.219:443 css.rbxcdn.com tcp
DE 5.252.33.158:443 inju.cc tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 88.221.135.209:443 static.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
GB 18.245.253.65:443 js.rbxcdn.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
US 8.8.8.8:53 158.33.252.5.in-addr.arpa udp
US 8.8.8.8:53 219.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 209.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 65.253.245.18.in-addr.arpa udp
GB 143.204.68.81:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 roblox.com udp
GB 88.221.135.219:443 css.rbxcdn.com tcp
US 8.8.8.8:53 images.rbxcdn.com udp
GB 128.116.119.4:443 roblox.com tcp
US 8.8.8.8:53 ecsv2.roblox.com udp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
GB 216.137.44.8:443 images.rbxcdn.com tcp
US 128.116.13.4:443 ecsv2.roblox.com tcp
US 8.8.8.8:53 81.68.204.143.in-addr.arpa udp
US 8.8.8.8:53 43.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 4.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 metrics.roblox.com udp
DE 5.252.33.158:443 inju.cc tcp
US 8.8.8.8:53 ncs.roblox.com udp
US 128.116.13.4:443 ncs.roblox.com tcp
US 8.8.8.8:53 voice.roblox.com udp
US 8.8.8.8:53 lms.roblox.com udp
US 8.8.8.8:53 8.44.137.216.in-addr.arpa udp
US 8.8.8.8:53 4.13.116.128.in-addr.arpa udp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 tr.rbxcdn.com udp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
GB 104.91.71.132:443 tr.rbxcdn.com tcp
US 8.8.8.8:53 132.71.91.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 assetgame.roflox.com udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 180.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 assetgame.roflox.com udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_2992_BOETEFJQXLKLALIZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f88a19d605c8407504735764b69c442e
SHA1 dc0b1e32030e23a0390f9dd509c323d3c4cd7008
SHA256 7937622a721ff76a32c6a84efe39662eda68cae294d6ff81b8edc63ef633f21a
SHA512 2b270e802208ca2a79514dedea10b58ea21af88d9e4183cc3c412c7c3b9a8a3e85fb7f96e2d876a0d7b2e1e564504e8fab3e79b809a2a9fb64f5ebb8b38975cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6f4560e177d465fb509de38d460cb0ec
SHA1 639fdf17e69a7c2334a8cd9fc10ecac064fa2656
SHA256 513ab1838b7544bb9d97e62592212b91558791e5830256f144e06a384cafafb9
SHA512 0f5ed2156bcd73436cf30808b2f334bc3959142a52b58c6ef340bcbd66b279bf9ad60f0af1cf7563d2513e58ea36d4726bc7ba7506b996f3805f1a0b12d6f43f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e4df4705d60a63f46903de97df9c176f
SHA1 6b1692d25e990fdeaf4cb03f4be5a5592f8f806d
SHA256 cccf73e7e7fda0672ea76f65269b5f933c3cfab8896f2ed50fa78ae4ca7e17b7
SHA512 2b36abcd5fe1e2d2aac77ff2a6afddd521f9995fc0a08196d8724a16911907a5a53ea5062b0cceaa86727ad9da2f035d9ab2695e9b06c390b29c0db708b8a99d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a0376dbf429730a30d6a56ce195f678
SHA1 3f18e87bcb6acdaf3d14ac8961bf8b9ce60211ab
SHA256 a5c4bbb39ad7fdfb18d1d1921f0572c6f7a98289c907d71d4280f99acf4c1ad6
SHA512 e00cd924a8edb682a84e968886403d2d0ddd1e17dd9c0a79d429f663e5075c369b075b33e1abee5b6405ccb5030c87147c2333c086f116f08e3d748a9b7db6dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5697898c53c149cf4b0202a3434998db
SHA1 e0c5ee6e2c53d40725197b4b2db23d51e8c7f196
SHA256 5750427c7445d29a86443803d7a9688f21a90f0236e798287bd1dc627ecf48c7
SHA512 6a539f51bc4df2da56f4ef470259b4826e5b4a78f0d4d63b886d054af2cb181d62ea305162257c6af39e8936596f4256e8224df5cd279f745f0e1335278e2a3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8f6.TMP

MD5 d213ffb30fd56ec5e45f6e830366653c
SHA1 9d87c130d906b5904efbe66c3544cb63df2d95f8
SHA256 7df964afeecd6cd750d34293dc911cbdecc5530a77c2462a378cdab9f9e14317
SHA512 957840102810335040d06b85a5df6c3293e6ab974838c39b8ba266254460a4ef7836ade20f950c6bfedf0cb83f3f5d5e494cc94a764b17e9b0acbe4650e69d20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d6c590f0fa8bbadbb6938149cccf1a3
SHA1 13bd0a1925256230d3e8ed7c4f26e399acf07a64
SHA256 ffa02a11bf0b697d6ef01f8083336d6aa304534f982b9d79e47ecf15566ed9ca
SHA512 2eaae1ee0798d6f26988e75e9094434f6ca40e76b8d922fbad81cc0bc430b47092e5dce669c3f3b3fef43f0cb37233852e0e6302c5a2219a46898b542a0a9236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75ff61b1fed32bbb6427540591e2b0a8
SHA1 0bb2c3d640c70b31bcfc234c652a5cf20532d154
SHA256 3e03b2d6b69e0447df2af5cd0cf33f0b56d2437afbae2ee8ad5ded4fca384e26
SHA512 e1c6b9a4a49ad2848e821d52bd2c76908e621dbb772e64fdc451ddf053d48fc0455aaf6885776c377a6e04d21e0d0c8bb809b2d32166f128ce3d6c07c881645e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 82b4f3cf2a524d631ad08925da746992
SHA1 b9fd586f3e98546daa9665cee9721abd5094402e
SHA256 6f3d1655967f22d3c186d06e4438802537212b8130556f044893370975e0679f
SHA512 0c065acb804cbc1d71e8c32b0ea809a776b9f69bfc91c23ec0439dcc2975d6c8601033c1652a511247611fb31095dfe67fca35a84be1815fda63d7cbfca70d4e

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f2436f3d88b81835bec0acbea953fe34
SHA1 80f8a18d53add28587f55bd406f6c402e59a90b3
SHA256 41c7d2de9efdf8627df67bc9ee370851d022555c34f22ddbbbb507c4f353172b
SHA512 e2501b79da29a308514227d2f09b7e02f71c48fb82246a56f5e3603610c25906802e99992f766515b0d72234722dffc42a1de9d4e128ba58406127384438d0b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 004404054af0428e8ea95fdda41aa5e8
SHA1 645145a084f877008e0016cb36ad7bf51114a6d2
SHA256 652d9daa7cc2a42d0a90200243b59d4dae8e178e524cac4966953b411e52af65
SHA512 597a06f01f50242ff47f8a9402d10b7bc16a339a13ee7423eb75e2879fae29b7b0b978d13d3f3f2f4fd22564de74615b6528e5d3bea16dd64a103ea260d8c67b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a9ddc926753fa045515341890451bd92
SHA1 15386fb84987d4f5ce7a12da0a4406123f5315bf
SHA256 52216c2ba700a244db56f27d334e11332da458ad63836d62ab8bebb559c6b27f
SHA512 7d4387cada5e2870e6cf35f73f5a9b32ed411359e2471230f2757411376da2f24229fa4d52a7de6270f639092e94aa13859eb059f056d599c8cb6f51f643bad6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ab7e26e2d0f7d41c47acedc207755891
SHA1 cb0329ae706bf3dc270dec36cd0020a959728f4c
SHA256 67a77c7ce946c44ccd41dfce7b1e049131b1a6557cc6da0296fe191f1b5d42a8
SHA512 edefe02b55c4a8e7dd9795563ba5c2fc2bfe1aca4399677fc5ac71203e734257b52dd7bf45df49092805ce45296537a98c6006a9e89d675a1d1d7ba9959991c8