Analysis Overview
Threat Level: Known bad
The file https://spoo.me/MQbNA7 was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-24 11:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-24 11:27
Reported
2024-12-24 11:30
Platform
win11-20241007-en
Max time kernel
132s
Max time network
133s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{562F3620-1278-4E19-BB45-CE2A990F9B4D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Triggered 10 times by C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; no description, indicator or target was recorded for any occurrence.
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Triggered 12 times by C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe; no description, indicator or target was recorded for any occurrence.
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://spoo.me/MQbNA7
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1d1f3cb8,0x7ffe1d1f3cc8,0x7ffe1d1f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6600 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,8523138031092338512,7256233966318979812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1756 /prefetch:2
Network
Files