822b6bd963cba3c0762d3ddfa83b070c33d9b90eedba798fa5d5436aae491a19

Resubmissions

30/12/2024, 03:21 UTC

241230-dwa1gswpdt 10

30/11/2024, 20:08 UTC

241130-ywkj5sxqdp 10

30/11/2024, 20:06 UTC

241130-yvtfnatmay 10

Analysis

max time kernel
79s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/12/2024, 03:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solara 1.25.exe
Size

71.8MB
MD5

6b32177d5218d0f5158eb91bfcc54c15
SHA1

19d0b30aa6fe9a5bbc9b583bbd48b70861420b4a
SHA256

822b6bd963cba3c0762d3ddfa83b070c33d9b90eedba798fa5d5436aae491a19
SHA512

39db07ff94dcc915f221f558f69590d32f0fae09bcd2b6d9c2ad01d2af83ef5dca5adbcb3a5d3837aad586232bec400ea8733bfd10c1fb7207017c67e81b171d
SSDEEP

1572864:v9JxSm1WIacirAH8+1osuTCSxOB6xMLiIpB2qHWB75ilQhmqZ8Qry4hlDVgc:fzZRS6xjKcBa6/2qHO5iopyQry4bB

Score

9^/10

discovery evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara 1.25.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara 1.25.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara 1.25.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara 1.25.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara 1.25.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara 1.25.exe

Loads dropped DLL 1 IoCs

pid	Process
2088	Solara 1.25.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2496-0-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2496-2-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2496-3-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2088-1158-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2088-1160-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2088-1161-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2496-1164-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2088-1165-0x0000000140000000-0x0000000140945000-memory.dmp	themida
behavioral1/memory/2496-2320-0x0000000140000000-0x0000000140945000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara 1.25.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara 1.25.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2496	Solara 1.25.exe
2088	Solara 1.25.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLsTime	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url6 = 0000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url3 = "https://login.aliexpress.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url1 = 607a3b346a5adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url5 = "https://login.live.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\WarnOnClose = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url2 = "https://www.facebook.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url6 = "https://twitter.com/"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLs\url1 = "http://roblox.com/"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url3 = 0000000000000000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TypedURLsTime\url4 = 0000000000000000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60663D51-C65D-11EF-9081-4A174794FC88} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D634E93-69B7-11EF-9081-4A174794FC88}.dat = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	3588	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
5920	iexplore.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
4564	iexplore.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
5920	iexplore.exe
5920	iexplore.exe
5972	IEXPLORE.EXE
5972	IEXPLORE.EXE
6080	IEXPLORE.EXE
6080	IEXPLORE.EXE
5972	IEXPLORE.EXE
5972	IEXPLORE.EXE
4564	iexplore.exe
4564	iexplore.exe
4624	IEXPLORE.EXE
4624	IEXPLORE.EXE
4564	iexplore.exe
4624	IEXPLORE.EXE
4624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2088	2496	Solara 1.25.exe	30
PID 2496 wrote to memory of 2088	2496	Solara 1.25.exe	30
PID 2496 wrote to memory of 2088	2496	Solara 1.25.exe	30
PID 5920 wrote to memory of 5972	5920	iexplore.exe	33
PID 5920 wrote to memory of 5972	5920	iexplore.exe	33
PID 5920 wrote to memory of 5972	5920	iexplore.exe	33
PID 5920 wrote to memory of 5972	5920	iexplore.exe	33
PID 5920 wrote to memory of 6080	5920	iexplore.exe	34
PID 5920 wrote to memory of 6080	5920	iexplore.exe	34
PID 5920 wrote to memory of 6080	5920	iexplore.exe	34
PID 5920 wrote to memory of 6080	5920	iexplore.exe	34
PID 3588 wrote to memory of 3600	3588	chrome.exe	37
PID 3588 wrote to memory of 3600	3588	chrome.exe	37
PID 3588 wrote to memory of 3600	3588	chrome.exe	37
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3792	3588	chrome.exe	39
PID 3588 wrote to memory of 3808	3588	chrome.exe	40
PID 3588 wrote to memory of 3808	3588	chrome.exe	40
PID 3588 wrote to memory of 3808	3588	chrome.exe	40
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41
PID 3588 wrote to memory of 3828	3588	chrome.exe	41

C:\Users\Admin\AppData\Local\Temp\Solara 1.25.exe
"C:\Users\Admin\AppData\Local\Temp\Solara 1.25.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\Solara 1.25.exe
  "C:\Users\Admin\AppData\Local\Temp\Solara 1.25.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2088

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5920 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5920 CREDAT:275463 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6819758,0x7fef6819768,0x7fef6819778
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1636 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1628 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4012 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3944 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1876 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1384,i,13109244878462229736,15502964156145256108,131072 /prefetch:8
  2⤵
  PID:5628

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4176

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4564
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4564 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4624

Network

DNS

api.bing.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

api.bing.com

IN A

Response

api.bing.com

IN CNAME

api-bing-com.e-0001.e-msedge.net

api-bing-com.e-0001.e-msedge.net

IN CNAME

e-0001.e-msedge.net

e-0001.e-msedge.net

IN A

13.107.5.80
DNS

www.google.com

chrome.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

172.217.20.164
GET

https://www.google.com/async/ddljson?async=ntp:2

chrome.exe

Remote address:

172.217.20.164:443

Request

GET /async/ddljson?async=ntp:2 HTTP/2.0
host: www.google.com
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_promos

chrome.exe

Remote address:

172.217.20.164:443

Request

GET /async/newtab_promos HTTP/2.0
host: www.google.com
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

chrome.exe

Remote address:

172.217.20.164:443

Request

GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/2.0
host: www.google.com
x-client-data: CNnzygE=
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
GET

http://api.bing.com/qsml.aspx?query=ro&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=ro&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
GET

http://api.bing.com/qsml.aspx?query=rob&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=rob&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
GET

http://api.bing.com/qsml.aspx?query=robl&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=robl&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 280
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; domain=.bing.com; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
Set-Cookie: _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; domain=.bing.com; path=/; HttpOnly
Set-Cookie: _EDGE_V=1; domain=.bing.com; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
Set-Cookie: SRCHD=AF=IE11SS; domain=.bing.com; expires=Wed, 30-Dec-2026 03:23:33 GMT; path=/
Set-Cookie: SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; domain=.bing.com; expires=Wed, 30-Dec-2026 03:23:33 GMT; path=/
Set-Cookie: SRCHUSR=DOB=20241230; domain=.bing.com; expires=Wed, 30-Dec-2026 03:23:33 GMT; path=/
Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Wed, 30-Dec-2026 03:23:33 GMT; path=/
Set-Cookie: _SS=SID=3922F80F664E634902A4ED6A67A362A5; domain=.bing.com; path=/
X-EventID: 677212353ed846569b4751ae7da2f358
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 75B29C98753F431C92BCA3ED5C80D21D Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:32 GMT
GET

http://api.bing.com/qsml.aspx?query=roblo&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblo&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 278
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 6772123532b444c39855bbb17fcc9deb
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 917924AEA7374BE38CBD3DC6BA4C3939 Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:32 GMT
GET

http://api.bing.com/qsml.aspx?query=roblox&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblox&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 279
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 6772123575c44ed5a4d4a099fb4a3245
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: BC0798F342F34932B866774476A1CBA9 Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:32 GMT
GET

http://api.bing.com/qsml.aspx?query=roblox.&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblox.&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 274
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 677212357361499a9195fdaf52abd83c
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 5E9CEB2ABB8B4F92AC0A67FF36596FE9 Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:33 GMT
GET

http://api.bing.com/qsml.aspx?query=roblox.c&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblox.c&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 272
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 6772123504824def858494ad46ca3159
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: 61FC2E7B62914963A5C184AE53350349 Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:33 GMT
GET

http://api.bing.com/qsml.aspx?query=roblox.co&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblox.co&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 268
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 6772123580a74ead8a96439485cfef39
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: CCD43F56AA4C4470BE1E54E49F8908D1 Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:33 GMT
GET

http://api.bing.com/qsml.aspx?query=roblox.com&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

IEXPLORE.EXE

Remote address:

13.107.5.80:80

Request

GET /qsml.aspx?query=roblox.com&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.bing.com
Connection: Keep-Alive
Cookie: MUID=3485467B3BE067121C6D531E3A0D6695; _EDGE_S=F=1&SID=3922F80F664E634902A4ED6A67A362A5; _EDGE_V=1; SRCHD=AF=IE11SS; SRCHUID=V=2&GUID=C9D67BCEDCF2494BA97F3FD4FD1CC228&dmnchg=1; SRCHUSR=DOB=20241230; SRCHHPGUSR=SRCHLANG=en; _SS=SID=3922F80F664E634902A4ED6A67A362A5; MUIDB=3485467B3BE067121C6D531E3A0D6695

Response

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Content-Length: 275
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Set-Cookie: MUIDB=3485467B3BE067121C6D531E3A0D6695; expires=Sat, 24-Jan-2026 03:23:33 GMT; path=/; HttpOnly
X-EventID: 67721235d8904854b116205e92b4eef9
UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: A40E49A26E474A898A8DAEAA43F8557E Ref B: AMS04EDGE3322 Ref C: 2024-12-30T03:23:33Z
Date: Mon, 30 Dec 2024 03:23:33 GMT
DNS

roblox.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

roblox.com

IN A

Response

roblox.com

IN A

128.116.13.3
DNS

IEXPLORE.EXE

Remote address:

128.116.13.3:80

Response

HTTP/1.1 408 Request Time-out

Content-length: 110
Cache-Control: no-cache
Connection: close
Content-Type: text/html
GET

http://roblox.com/

IEXPLORE.EXE

Remote address:

128.116.13.3:80

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: roblox.com
Connection: Keep-Alive

Response

HTTP/1.1 307 Temporary Redirect

content-length: 0
location: https://roblox.com/
cache-control: no-cache
GET

https://roblox.com/

IEXPLORE.EXE

Remote address:

128.116.13.3:443

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: roblox.com
Connection: Keep-Alive

Response

HTTP/1.1 308 Permanent Redirect

content-length: 0
location: https://www.roblox.com/
strict-transport-security: max-age=31536000; includeSubDomains; preload
GET

https://roblox.com/favicon.ico

IEXPLORE.EXE

Remote address:

128.116.13.3:443

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: roblox.com
Connection: Keep-Alive

Response

HTTP/1.1 308 Permanent Redirect

content-length: 0
location: https://www.roblox.com/favicon.ico
strict-transport-security: max-age=31536000; includeSubDomains; preload
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

216.58.215.42

content-autofill.googleapis.com

IN A

172.217.20.202

content-autofill.googleapis.com

IN A

142.250.201.170

content-autofill.googleapis.com

IN A

142.250.75.234

content-autofill.googleapis.com

IN A

172.217.20.170

content-autofill.googleapis.com

IN A

172.217.18.202

content-autofill.googleapis.com

IN A

142.250.179.106

content-autofill.googleapis.com

IN A

216.58.213.74

content-autofill.googleapis.com

IN A

142.250.178.138

content-autofill.googleapis.com

IN A

216.58.214.74

content-autofill.googleapis.com

IN A

142.250.179.74

content-autofill.googleapis.com

IN A

216.58.214.170
DNS

roblox.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

roblox.com

IN A

Response

roblox.com

IN A

128.116.119.3
DNS

www.roblox.com

Remote address:

8.8.8.8:53

Request

www.roblox.com

IN A

Response

www.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

css.rbxcdn.com

Remote address:

8.8.8.8:53

Request

css.rbxcdn.com

IN A

Response

css.rbxcdn.com

IN CNAME

cssns1.rbxcdn.com

cssns1.rbxcdn.com

IN CNAME

csscfly.rbxcdn.com

csscfly.rbxcdn.com

IN CNAME

roblox-css.cachefly.net

roblox-css.cachefly.net

IN A

205.234.175.102
DNS

static.rbxcdn.com

Remote address:

8.8.8.8:53

Request

static.rbxcdn.com

IN A

Response

static.rbxcdn.com

IN CNAME

staticns1.rbxcdn.com

staticns1.rbxcdn.com

IN CNAME

staticak.rbxcdn.com

staticak.rbxcdn.com

IN CNAME

static.rbxcdn.edgesuite.net

static.rbxcdn.edgesuite.net

IN CNAME

a1992.w27.akamai.net

a1992.w27.akamai.net

IN A

88.221.135.209

a1992.w27.akamai.net

IN A

88.221.134.25
DNS

js.rbxcdn.com

Remote address:

8.8.8.8:53

Request

js.rbxcdn.com

IN A

Response

js.rbxcdn.com

IN CNAME

jsns1.rbxcdn.com

jsns1.rbxcdn.com

IN CNAME

jsaws.rbxcdn.com

jsaws.rbxcdn.com

IN CNAME

dw04ej0wrfjel.cloudfront.net

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.58

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.99

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.113

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.55
DNS

crt.rootg2.amazontrust.com

Remote address:

8.8.8.8:53

Request

crt.rootg2.amazontrust.com

IN A

Response

crt.rootg2.amazontrust.com

IN A

3.164.163.127

crt.rootg2.amazontrust.com

IN A

3.164.163.87

crt.rootg2.amazontrust.com

IN A

3.164.163.90

crt.rootg2.amazontrust.com

IN A

3.164.163.59
GET

http://crt.rootg2.amazontrust.com/rootg2.cer

Remote address:

3.164.163.127:80

Request

GET /rootg2.cer HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.rootg2.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: binary/octet-stream
Content-Length: 1145
Connection: keep-alive
Last-Modified: Tue, 17 Dec 2024 14:00:38 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: HYe_bzWYBKPuhtcEvhe9U0Ls7dAVbkD_
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 30 Dec 2024 02:16:36 GMT
ETag: "c6150925cfea5941ddc7ff2a0a506692"
X-Cache: Hit from cloudfront
Via: 1.1 b7c17dda962249acad4693c264f9df0e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: CDG55-P3
X-Amz-Cf-Id: 0ZU8FWIlVTXNRyVSXh-cBLTMItgJxGDD-OuzNjKD-C7ZyzP7tN45Kw==
Age: 4040
DNS

metrics.roblox.com

Remote address:

8.8.8.8:53

Request

metrics.roblox.com

IN A

Response

metrics.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

ecsv2.roblox.com

Remote address:

8.8.8.8:53

Request

ecsv2.roblox.com

IN A

Response

ecsv2.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

apis.roblox.com

Remote address:

8.8.8.8:53

Request

apis.roblox.com

IN A

Response

apis.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

apis.rbxcdn.com

Remote address:

8.8.8.8:53

Request

apis.rbxcdn.com

IN A

Response

apis.rbxcdn.com

IN CNAME

apisns1.rbxcdn.com

apisns1.rbxcdn.com

IN CNAME

apisaws.rbxcdn.com

apisaws.rbxcdn.com

IN CNAME

d3smszjb1gn4q5.cloudfront.net

d3smszjb1gn4q5.cloudfront.net

IN A

99.86.91.74

d3smszjb1gn4q5.cloudfront.net

IN A

99.86.91.90

d3smszjb1gn4q5.cloudfront.net

IN A

99.86.91.66

d3smszjb1gn4q5.cloudfront.net

IN A

99.86.91.104
DNS

locale.roblox.com

Remote address:

8.8.8.8:53

Request

locale.roblox.com

IN A

Response

locale.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

auth.roblox.com

Remote address:

8.8.8.8:53

Request

auth.roblox.com

IN A

Response

auth.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

images.rbxcdn.com

Remote address:

8.8.8.8:53

Request

images.rbxcdn.com

IN A

Response

images.rbxcdn.com

IN CNAME

imagesns1.rbxcdn.com

imagesns1.rbxcdn.com

IN CNAME

imagesaws.rbxcdn.com

imagesaws.rbxcdn.com

IN CNAME

dapx4swc8lj69.cloudfront.net

dapx4swc8lj69.cloudfront.net

IN A

18.245.175.51

dapx4swc8lj69.cloudfront.net

IN A

18.245.175.61

dapx4swc8lj69.cloudfront.net

IN A

18.245.175.128

dapx4swc8lj69.cloudfront.net

IN A

18.245.175.119
DNS

crl.microsoft.com

Remote address:

8.8.8.8:53

Request

crl.microsoft.com

IN A

Response

crl.microsoft.com

IN CNAME

crl.www.ms.akadns.net

crl.www.ms.akadns.net

IN CNAME

a1363.dscg.akamai.net

a1363.dscg.akamai.net

IN A

88.221.134.83

a1363.dscg.akamai.net

IN A

88.221.134.146
GET

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

Remote address:

88.221.134.83:80

Request

GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1036
Content-Type: application/octet-stream
Content-MD5: +oTkvMkqpdtzWrUHEQQM3g==
Last-Modified: Thu, 12 Dec 2024 00:06:56 GMT
ETag: 0x8DD1A40E476D877
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 729f9bbc-001e-0005-142b-4c8531000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 30 Dec 2024 03:24:05 GMT
Connection: keep-alive
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144
GET

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

Remote address:

95.100.245.144:80

Request

GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.microsoft.com

Response

HTTP/1.1 200 OK

Content-Length: 1078
Content-Type: application/octet-stream
Content-MD5: PjrtHAukbJio72s77Ag5mA==
Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
ETag: 0x8DCFA0366D6C4CA
x-ms-request-id: aa584fbb-e01e-0040-08ef-2b50d2000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Mon, 30 Dec 2024 03:24:05 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV5a12b981.0
ms-cv-esi: CASMicrosoftCV5a12b981.0
X-RTag: RT
DNS

redirector.gvt1.com

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.20.174
DNS

r3---sn-aigzrnld.gvt1.com

Remote address:

8.8.8.8:53

Request

r3---sn-aigzrnld.gvt1.com

IN A

Response

r3---sn-aigzrnld.gvt1.com

IN CNAME

r3.sn-aigzrnld.gvt1.com

r3.sn-aigzrnld.gvt1.com

IN A

74.125.97.72
DNS

assetgame.roblox.com

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com

IN A

Response

assetgame.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

ncs.roblox.com

Remote address:

8.8.8.8:53

Request

ncs.roblox.com

IN A

Response

ncs.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-lhr2.roblox.com

edge-term4-lhr2.roblox.com

IN A

128.116.119.4
DNS

arkoselabs.roblox.com

Remote address:

8.8.8.8:53

Request

arkoselabs.roblox.com

IN A

Response

arkoselabs.roblox.com

IN CNAME

d22703ixv0v5yp.cloudfront.net

d22703ixv0v5yp.cloudfront.net

IN A

18.245.175.18

d22703ixv0v5yp.cloudfront.net

IN A

18.245.175.126

d22703ixv0v5yp.cloudfront.net

IN A

18.245.175.6

d22703ixv0v5yp.cloudfront.net

IN A

18.245.175.87
DNS

www.microsoft.com

Remote address:

8.8.8.8:53

Request

www.microsoft.com

IN A

Response

www.microsoft.com

IN CNAME

www.microsoft.com-c-3.edgekey.net

www.microsoft.com-c-3.edgekey.net

IN CNAME

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net

IN CNAME

e13678.dscb.akamaiedge.net

e13678.dscb.akamaiedge.net

IN A

95.100.245.144

172.217.20.164:443

https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0

tls, http2

chrome.exe

2.2kB
9.9kB
23
26

HTTP Request

GET https://www.google.com/async/ddljson?async=ntp:2

HTTP Request

GET https://www.google.com/async/newtab_promos

HTTP Request

GET https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
13.107.5.80:80

http://api.bing.com/qsml.aspx?query=ro&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

http

IEXPLORE.EXE

532 B
92 B
5
2

HTTP Request

GET http://api.bing.com/qsml.aspx?query=ro&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US
13.107.5.80:80

http://api.bing.com/qsml.aspx?query=rob&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

http

IEXPLORE.EXE

487 B
92 B
4
2

HTTP Request

GET http://api.bing.com/qsml.aspx?query=rob&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US
13.107.5.80:80

http://api.bing.com/qsml.aspx?query=roblox.com&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

http

IEXPLORE.EXE

4.5kB
9.7kB
11
16

HTTP Request

GET http://api.bing.com/qsml.aspx?query=robl&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblo&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblox&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblox.&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblox.c&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblox.co&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200

HTTP Request

GET http://api.bing.com/qsml.aspx?query=roblox.com&maxwidth=32765&rowheight=20&sectionHeight=200&FORM=IE11SS&market=en-US

HTTP Response

200
13.107.5.80:80

api.bing.com

IEXPLORE.EXE

98 B
52 B
2
1
128.116.13.3:80

roblox.com

http

IEXPLORE.EXE

144 B
365 B
3
3

HTTP Response

408
128.116.13.3:80

http://roblox.com/

http

IEXPLORE.EXE

481 B
352 B
5
3

HTTP Request

GET http://roblox.com/

HTTP Response

307
128.116.13.3:443

https://roblox.com/favicon.ico

tls, http

IEXPLORE.EXE

1.3kB
6.4kB
11
11

HTTP Request

GET https://roblox.com/

HTTP Response

308

HTTP Request

GET https://roblox.com/favicon.ico

HTTP Response

308
216.58.215.42:443

content-autofill.googleapis.com

tls

1.8kB
6.7kB
14
15
128.116.119.3:443

roblox.com

tls

2.1kB
8.0kB
17
16
128.116.119.3:443

roblox.com

tls

1.0kB
6.8kB
10
12
128.116.119.4:443

www.roblox.com

tls

55.3kB
270.3kB
375
449
88.221.135.209:443

static.rbxcdn.com

tls

1.8kB
8.0kB
16
18
18.244.28.58:443

js.rbxcdn.com

tls

989 B
5.4kB
9
10
18.244.28.58:443

js.rbxcdn.com

tls

989 B
5.4kB
9
10
18.244.28.58:443

js.rbxcdn.com

tls

989 B
5.4kB
9
10
18.244.28.58:443

js.rbxcdn.com

tls

35.7kB
1.3MB
565
971
18.244.28.58:443

js.rbxcdn.com

tls

989 B
5.4kB
9
10
18.244.28.58:443

js.rbxcdn.com

tls

989 B
5.4kB
9
10
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
3.164.163.127:80

http://crt.rootg2.amazontrust.com/rootg2.cer

http

366 B
1.9kB
5
4

HTTP Request

GET http://crt.rootg2.amazontrust.com/rootg2.cer

HTTP Response

200
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
128.116.119.4:443

metrics.roblox.com

tls

1.1kB
6.8kB
12
11
128.116.119.4:443

metrics.roblox.com

tls

8.0kB
42.0kB
74
83
128.116.119.4:443

metrics.roblox.com

tls

1.1kB
6.8kB
12
11
128.116.119.4:443

metrics.roblox.com

tls

1.1kB
6.8kB
12
11
128.116.119.4:443

metrics.roblox.com

tls

1.1kB
6.8kB
12
11
128.116.119.4:443

metrics.roblox.com

tls

1.1kB
6.8kB
12
11
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.6kB
7
7
205.234.175.102:443

css.rbxcdn.com

tls

840 B
2.5kB
7
6
99.86.91.74:443

apis.rbxcdn.com

tls

2.0kB
9.3kB
17
20
18.245.175.51:443

images.rbxcdn.com

tls

1.8kB
10.8kB
14
16
88.221.134.83:80

http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

http

399 B
1.7kB
4
4

HTTP Request

GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

HTTP Response

200
95.100.245.144:80

http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

http

393 B
1.7kB
4
4

HTTP Request

GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

HTTP Response

200
172.217.20.174:443

redirector.gvt1.com

tls

1.6kB
9.5kB
14
16
18.245.175.18:443

arkoselabs.roblox.com

tls

2.4kB
31.3kB
22
32
204.79.197.200:443

ieonline.microsoft.com

tls

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

779 B
7.8kB
9
12

8.8.8.8:53

api.bing.com

dns

IEXPLORE.EXE

58 B
134 B
1
1

DNS Request

api.bing.com

DNS Response

13.107.5.80
8.8.8.8:53

www.google.com

dns

chrome.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

172.217.20.164
172.217.20.164:443

www.google.com

https

chrome.exe

10.6kB
72.4kB
70
89
8.8.8.8:53

roblox.com

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

roblox.com

DNS Response

128.116.13.3
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
269 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

216.58.215.42

172.217.20.202

142.250.201.170

142.250.75.234

172.217.20.170

172.217.18.202

142.250.179.106

216.58.213.74

142.250.178.138

216.58.214.74

142.250.179.74

216.58.214.170
224.0.0.251:5353

204 B
3
8.8.8.8:53

roblox.com

dns

IEXPLORE.EXE

56 B
72 B
1
1

DNS Request

roblox.com

DNS Response

128.116.119.3
8.8.8.8:53

www.roblox.com

dns

60 B
154 B
1
1

DNS Request

www.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

css.rbxcdn.com

dns

60 B
156 B
1
1

DNS Request

css.rbxcdn.com

DNS Response

205.234.175.102
8.8.8.8:53

static.rbxcdn.com

dns

63 B
214 B
1
1

DNS Request

static.rbxcdn.com

DNS Response

88.221.135.209

88.221.134.25
8.8.8.8:53

js.rbxcdn.com

dns

59 B
205 B
1
1

DNS Request

js.rbxcdn.com

DNS Response

18.244.28.58

18.244.28.99

18.244.28.113

18.244.28.55
8.8.8.8:53

crt.rootg2.amazontrust.com

dns

72 B
136 B
1
1

DNS Request

crt.rootg2.amazontrust.com

DNS Response

3.164.163.127

3.164.163.87

3.164.163.90

3.164.163.59
8.8.8.8:53

metrics.roblox.com

dns

64 B
158 B
1
1

DNS Request

metrics.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

ecsv2.roblox.com

dns

62 B
156 B
1
1

DNS Request

ecsv2.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

apis.roblox.com

dns

61 B
155 B
1
1

DNS Request

apis.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

apis.rbxcdn.com

dns

61 B
212 B
1
1

DNS Request

apis.rbxcdn.com

DNS Response

99.86.91.74

99.86.91.90

99.86.91.66

99.86.91.104
8.8.8.8:53

locale.roblox.com

dns

63 B
157 B
1
1

DNS Request

locale.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

auth.roblox.com

dns

61 B
155 B
1
1

DNS Request

auth.roblox.com

DNS Response

128.116.119.4
216.58.215.42:443

content-autofill.googleapis.com

https

5.5kB
7.5kB
16
18
8.8.8.8:53

images.rbxcdn.com

dns

63 B
217 B
1
1

DNS Request

images.rbxcdn.com

DNS Response

18.245.175.51

18.245.175.61

18.245.175.128

18.245.175.119
8.8.8.8:53

crl.microsoft.com

dns

63 B
162 B
1
1

DNS Request

crl.microsoft.com

DNS Response

88.221.134.83

88.221.134.146
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

redirector.gvt1.com

dns

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

172.217.20.174
8.8.8.8:53

r3---sn-aigzrnld.gvt1.com

dns

71 B
116 B
1
1

DNS Request

r3---sn-aigzrnld.gvt1.com

DNS Response

74.125.97.72
74.125.97.72:443

r3---sn-aigzrnld.gvt1.com

https

6.9kB
477.7kB
85
378
8.8.8.8:53

assetgame.roblox.com

dns

66 B
160 B
1
1

DNS Request

assetgame.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

ncs.roblox.com

dns

60 B
131 B
1
1

DNS Request

ncs.roblox.com

DNS Response

128.116.119.4
8.8.8.8:53

arkoselabs.roblox.com

dns

67 B
174 B
1
1

DNS Request

arkoselabs.roblox.com

DNS Response

18.245.175.18

18.245.175.126

18.245.175.6

18.245.175.87
18.245.175.18:443

arkoselabs.roblox.com

https

43.4kB
426.4kB
137
350
8.8.8.8:53

www.microsoft.com

dns

63 B
230 B
1
1

DNS Request

www.microsoft.com

DNS Response

95.100.245.144
8.8.8.8:53

tls

63 B
230 B
1
1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
fe8a7ca4c6b10a835f92695ef9d37c7f

SHA1
831e9489b2a861e19500679fe25c1bdd54e98c52

SHA256
da3d62fb4bd959084ee1abfbf128fafca7e990a90cbe18974d4287b27ed73a20

SHA512
415ba94cacc9e675009a6c5390a37c502dc5754fb88404b5722c5388a7532aacafe56a89b0807562c2e3c8d693eb43204924a0efbc3756a1720d0904df92e09d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
913b3b642f6737769eb8256cd596e8e8

SHA1
2ee6fb7c828f4e8b0c8f4146fe4912674400ef87

SHA256
1f9025306e5e96dbf45e1b726b41451f5df9d7fbc23a2ac53e64e3e09e0736b3

SHA512
654ce37052bd548b7a5f605f03522b74fb7c542058c7f711d20d0464893fff9932289f0b32d4590e8208345d19948deb546df63b9b8beab86bdbe60468edacb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
501f8ff2d1388c1309f19de41b18ca4c

SHA1
68750bbb624e2cb74cfe0f534f71fcc96bdefacc

SHA256
bc5ddecfe8b59ab5d152ebdfa744a457f7c717f11dfb5f6dca9a7f174f795c98

SHA512
e00f6d6002cae6f813aacb19fb96dc17adb886a22465171014b083aac2fec6fc3b8e216443708e6812701df0b75adaba5b6309c9e487ebec306073c1273fe55c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e49441e23c4836b23993ebb17f9a958a

SHA1
2dde15a337763a914344f0e0da86542f96af6703

SHA256
9b32038cf5caaa8a50e5b4e8cd8bc6b29639b9a538a2c08f9799ce7e4770437f

SHA512
63b0426a083e299973f0455a8c4ea996f9b2856d3e846dce43eff444139b90519b9fc79d029505632106ffbac84815bb6d56f45eea00c00e051d8e2107469750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdeecb5a9ff9b27742e29c3a8a3560f7

SHA1
27e5620f59fd83709dc369076e4d0fc3433fccb9

SHA256
0051f62441f53cee0a01c65894b4992b9839c4d54b24d2fd879358a6e7d1b15a

SHA512
57d795579f1a668776d66fe3ad4ae932d0fa212773b67443332b68d390e73f7cd18497f3ee61b964d8d8fb42bc0c8ec9ec1d6ca68b3d36927dae713674b5d11f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7221404aecc6baadab19b45318aba4e2

SHA1
b279842f085d1a853f4116122cf801d09ec4d3e0

SHA256
8d7d35348daffa8cd42b6270e147ca0f09d6d5b498ed09b3f1fd7922f7266425

SHA512
1c65c80034d98c1697dd321d8abb57d987f59f1d8fb9de3949eac4a40ff01462647c418de6e114162cb1e096b7d14d33e75ebfb428e0837a041bfdaaee1fca50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6a643ae06c7feaba9827a8c8e6b2726

SHA1
24abdc62b796be4ce154131e2fafae191a139700

SHA256
d12b0d2e0bd76f5dc4cac181b23ec5a6acd405f26198dc6bea4aff46f8c8ec03

SHA512
5ea1a98f4630b011acb6240f39cf9368da63976e3dadab6df5e0ec956b5e5f1bad38626bddb68fe6a5fc420e9d12c998cf294b5aac4cb8f987cb8ee2e548f82b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0ea7b39a43f4dc8233cdfeee3c494c5

SHA1
b93a2a8b9d39142ec0858d649da2db2087578d52

SHA256
5a206154a72563001ac31519f50b61d1068e0c77c7c974888822fa3df6ca2bcb

SHA512
882091fb6cb42b77b2e35c70c332aba834740b629dc3e143cbd335846eeee218e33fa4d8dee8488cc7599d7727eb560ef3460ac7e1755ed6ed5e39a8a0486193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c64eff723232bd6b64fba02abfe06ee3

SHA1
29e93bbc2e18132b288c1e54015cbe829b25888c

SHA256
a063c6e312e47a7be14326e2644cd379ba9463f82622840ed9f832f844630191

SHA512
2419b81652064a3ed75f5861e22e04461c48020d341c8891a150ad1af2415f8b5036f38ab60c35d434c5722c61875d8de7f197697263da2a25a6d15f78a1a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7516ae88a55e951e922ca3a04d430651

SHA1
a88f1dbe4a71d6d0cffe8f7e39287fd38895a814

SHA256
92c50d8a2fce7c2d7a38e8cfe2aea9ea47b49af57c0aa581ff44ed8263c8c776

SHA512
c1ffad5a9beec7453196271d0103e9f7acd718e30b33a32f151e2798d62ac0f946888deeeb67286092f47aa168a66235d391c38b9d7c4be1562511a30c3915a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abcc4301ac1b6910d10f3ad63b401843

SHA1
f1e2481ad96aa8499ec5a63eaa3e03fe225e860d

SHA256
b4a30627aef2ac6eb722a7310d501837e4b3a6fd881ceb6092282bfa6158ad97

SHA512
184f98f1352c782beff3e0f29542b6d8de95c97b990192b0aa30732efd271ca65c9330a68408d3603d028bd8ae9e456885a85044a808c88da1b4fa05bc940690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2c7c538e4594135f035b4100875ec3c

SHA1
d162344fe698a798bd68e690089e0450093cbcb4

SHA256
e6cf972226e51c6ef23009ac164f39a4b113972a2cab128a6e9791363ab4d905

SHA512
07a8feac35772b6f04e0c5394e23c9ef6afd6319dbdca250203934906f50082bc154dd016a6f28651b45a1d98edf77d6e2608809990afae7702b998ab08f08c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56f816b3802851337fac5997138fb714

SHA1
75a1a9cd4aedf6f256e96323b186739a722f8ceb

SHA256
d967d5771819c0e7d3c9bc746d269d572f52bfcaca0b253c0bf651173633fca1

SHA512
edfc129da6b273c0876ad43b1cf0cf3a546360f37a29e871bc5b335a3e34d2a147ab3022bbf3cb86ceeb8a1db4eedd89be7c810ae0eab18a6f45571ad278519f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18d8123afee851757bc5160965af117b

SHA1
0f26f9088667e1f1dcc9d85d77453f94994227f9

SHA256
8fa83c7a106834b356630dc600b41f389a54731d1689246de15484e240d2ac25

SHA512
cb4900846652442698f356e36253cdb61d2423aca1fbd2a81f12c02227ae53a25c09f3aac9f38db3ec5665cff805a09b0bda6911691b4d754fef560b17bdebc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453c42a048084b1ebde08f2b892f8e97

SHA1
a08070fe876ab73f9904286503ad5b16d08fd3cc

SHA256
42649904df46ad90a141db15e34451e600a35cf367d5cd0043bca928592953bf

SHA512
3e51c6df2c1f8e1714f34144321b980206b5edc799c9f11cedd1e32c2a395b10efaf48203df11fbba9a8b52795ced5aa973406392c18e0c13ec7b29ec04ae022

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31d292a2c5375a6285eced84438f8cd1

SHA1
21af7d4866a9e17dcea2bdcd7f0b934519b41b04

SHA256
f5d09158f42d7df987887214231b2c588fe13c4a4b26a70d26ec63b95797496f

SHA512
4792fa810b86e709bebc92f555f8cefb49c16d8bf00905d897a4512860bd34ca721a0c02f63301fec77d7554feadfa576dea7e9ff597235a41dfeb2c3e49b202

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bacf9cd406f70ae1ef3b0cebb0a0159c

SHA1
21b0e9ae380c4c3d2b322c84532063883a0b2991

SHA256
c66ad6abc3b18a1fcd652edb989bb88de07080395ea27efba663e60cd27288ec

SHA512
bcd69184eb71af5d745d4a856240924fa02fa7832797fd67f0cbc1b5667e85b74d437b6af2174ea5d494798abc84d2ad7ea9c9040dbdd0d27a9d8f76ce33ff23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6fea7732715c90afee17f58533b81ce

SHA1
63e8af6cce57f286ef54f46027875895cad5b85d

SHA256
d3e6faacc540aec4ef6b8c8a1e01ac4c9c977860760cdda098b2ee1282e566a7

SHA512
2393bb6e7c6fc7ad5951b2599eeaa56cf3425aa391479acd06608e1e91bb7825be40923084b652e4a41ab817c6c2c20c86b09f726de5f883847651a77dfca8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1512dc55b5592382144805be1f7b4272

SHA1
b6560c36902c7c7efac388b6de8d4ba2a12c5d53

SHA256
7218312059ec602171f39710167b037e1fb383e972a4163762699ee526d3b0f5

SHA512
975a40c1f72565dbd650f8454cf200961285bdcce1629fd9b054bf11324701904231b9504741a3a7cfb26a2cee78e713031d2441db558103de8632b8b10be453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c5f25c3791108384b2b507718d4357d

SHA1
5914ef672e15cfee952d0ae60f3ad868d9b68fbb

SHA256
159fc2b7dcf5f4c6423a19ee92a3fcc84cd48f57dcf57065ac5271b0ea7a6427

SHA512
f6c6351e26b1cca132d446523f661f2ab9bfd3cbdda3439e885d3ae81d633ea4c0f76c0a8afd4cf148d80a226a902fbd0053defb9b6b84bb25e103785ffc0603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f857c80405fe3f63a72ba9ff90ea5e07

SHA1
682a5c58747b394e6dad0a0723fc121aeea95b3f

SHA256
d4b215e46b3f895e8a48c0ba9225581e1dbcaa70003740d80a2e3657f86609a0

SHA512
9e369c07a36b718b337fce16abc6b5292e100e21ba3187e8e9eb069a694d31c5574db0a617099441b6f70fed6d9cef705f6c706c5445f8372287434f448d31a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd3432d371e78fbe1593fdf02a69e24a

SHA1
47e80e6813f63df12b06273e5d366b32ae0919fe

SHA256
2b1db993eb268e4ddbfcd33946330313713c757c9734059ad8c19f5b6c745591

SHA512
ed1f471779ba7f592a96eb9733923ef682ba04628e23ac3ed63b20f7c8942f47732a4a03d5acb89efe93260ba3bdb9a92a22a1a1215fdfcc347b8daca2035f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdae11bdd77cbc1a9ef04fc6583e53b9

SHA1
82f712efbe51b2eafcc2939b669a9de3fb9b838b

SHA256
ed885a2c160a481b3ddcdfde5ffed01da2a8cbe137e1770b1b25c59e742d48d7

SHA512
7b045a4a38cf377ed17fec0d6ed63acb2db08e2ac0a1e2178a8f696428bcce7187ea54ee4a573756484593279b6b3092751a3b205abb46b16792bc03c1f13aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c365712634a26dd32843c2c09a93d97

SHA1
a25e3e39e299c3f6402b35a8fe6dd7e8393c9a0f

SHA256
92a2a68872c89f002837ccf684a01ba8c5eb039999d917a9a88561a7afc40d4d

SHA512
afc5b8c212f90942f72efe57b25ac866ccc74db2544a4a75a03bd14c3461338d5d5742f217fba4cae6f77f6f15c805efb36a9a4f72019d6e94d390a36df815ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e8bb1e16cfac79444cd82a150aa057e

SHA1
f7dcfd4bea2ffdbc9f0f59229fd443d88abd0aec

SHA256
f7a11d5b876aaf2894f55f5c9592d2326a1591055ab25010835fcce8dd170ba4

SHA512
3e5ca1c651e1201353cf1fb935ef06bf8e31a6c84102002421543a3a950cb632d32063abd7af2c5daa3d2c0bd8234079dfb525f13166b8c433086feee359b8e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
491e5a147d0a8bc0cb9d272376ce2cdd

SHA1
029ea2f1f8d1c0a91523bb0c3dcac8103e1013a5

SHA256
d7cd5bb862871717d0f6399413bc302b5769d6b8e4e09c768c3998fef51311ff

SHA512
46fb1fdf31d651411c743680a53e22c5afc25d84453dc706160c8d9b6cc61b23125b151d7c858c9afdb55a53cd82b08d94c2947da09ce4d9d5175d41c7ac9833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dff6d5eff91452b5bc16ab0c6e877331

SHA1
8e283932af1e49fcddd13516da281435d9c339c6

SHA256
3a9f2070a900f7f8446e7b5de23d47802d6421b1839c7ffcc804c747e60025c2

SHA512
15d598ee02d276b8de2de944f0909c5f23a0b7066a97ceece0904bb87b16aec13e29b20e1474a4a7e98d425f67eac246e6fb9238451375c000adac18839caaa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c61e3a92515e5749e5c04833333457fc

SHA1
589dd2d666f69ed761ce2133e0e527ca4efa02ba

SHA256
6ce3be00057788ec7bd971dd3cc54b08433ffe060a7453ae9c89f1615adcf2b8

SHA512
64a052dcd190ad1c9fffb9c8faabc9db74a887835f1bf8eb15d3f77f340df8d78fd420a8384c8f1328297e65594ab4402ef52ef914f5fd1de159143a3c41099f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a947852a45ff16a3053d6eb37ecafeb3

SHA1
8b750fd20470648708ff67bd8f760e24ba81fc88

SHA256
b69852a7d4ae04cdb807339e668c385e2ba4922917da864e4c6de451e10ae510

SHA512
a818fb3b47ab287797eb14eaf7c0bbb5e611d1b450e15010607c45e3bd1d702e3f457fa894a03c0b6be06f552f6d610dd5e2e3abd904a266911859840079f81c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9f55086bd03d26acfd81cdc0d56a31e

SHA1
45f4c9a623ec545a5e2afbb588593007a3603334

SHA256
3e43e6155c43eafee812e1560a99b01380c8e1054bf094e40a726b40fd97b472

SHA512
5094f20498d8278582cf9743526114d8e2df2af1e11ef6321978f9de8c8038980fb593ce4f8c22cd201274d8b8ef8fa613d588cad5da26cb0a0525399f22787d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3456742c618cc81a30cdf3e81211bbab

SHA1
c23fa0d8bc3731a88dd24c48efec45a47367ef72

SHA256
1e8122fee2eac876e9390f1fd933edec92726ef2a1d2157c89687f9b2ecc3223

SHA512
b187c40701e99b99eba06ca4df8a35882172fd01bdd31bd78b5366d5fd1c20907e5f8f49e7369d724781a6c0d6d44771dbe6b039812c8aca634555f37d6ddb2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d3263c70398b5bde2bf38e35ebe736a

SHA1
adfdad85cbd618531af39b695980ee03444cd8c3

SHA256
fbabce6e7265b7e43c8a838a15ab2752c73a25542e766d060883de62800e799d

SHA512
95e9fbd0838e6d1d6ecc61e51716b14e3cd156a5e8bc132923df8ac5faafc4cc7ecd85e9a82f905ec913a05820e127d5b0c29bc9bc6f272fa0e6b6ed61444e93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
817cd3713489e6edfc23f8f671b781e7

SHA1
7508ba10d6dc0d795475c6c543bd9d9ef75d45ff

SHA256
7513caf58fd4b629a4888dd7fba41b79a52bad65a51c75ce8ee844193821551b

SHA512
d98dd9cf99f276c4310c0f6bcdcb79e85e6ceacb80870131b745b037dd19dbf274654a03492ea098944c8afb8741df0a94aac5db7bed6f14f5c1cdcb46192cc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56870ebbba40bde6c13514b95afa692d

SHA1
8062784e9b30b1502fb031ceebcc216f46958949

SHA256
215b3cf594c8d4fb9c838247b7cc907692e47396cf6242ddba9eb1b7f61c8cfb

SHA512
1cb5f8894da380ee8924631411c2db8adabd95e71fc10a2c411590d4cb454655fd93d1e475972326de2344a23ba5b92a1c665eb5a2385f7ae01424e066b1899c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c19773484c99ddcd246e1be2ac223a

SHA1
cc6f51f07ec36e8dddefd21030354c2c7591a819

SHA256
22c3158c0aad4614120eb7b27ccbf31840fe5dc4e689b84c0ad0d62296c4ddf2

SHA512
d13520846984cf438670406ac523b0d9a966873e1fab2086667f7e393fc03e218885c76ebf47dd9c7ba72f415add517b76d22cecc9d96cea18418cf39d4da59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79371ad41d73961f24e017a9c9be5a94

SHA1
23a7612dac80e876a0ce4b6a323d70aff38c4743

SHA256
c9159557bcf222d0fd5d266783e49a93a1853409e1e5a8c88021c368cc0e694b

SHA512
32b602bd6231ba43ea964bc284d2c59fe82b636c2796262943d82c3a52d819b4f708e5f816012da07b89a76265dd7af71e8f4072599b2dbe62a5d1ba25e05340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8ddea08d29430e1ba8c5697956d7f23

SHA1
c3807af1486e42634cbeed144e628e6ce5fa0d12

SHA256
a03eb8d663a004ea0a3d1fada5dd57e795af8d64e0f939e2c43801126a1a4e5c

SHA512
681d997a32b0d38a860c537de4132d497c8dd8d6f508a1648a89a952b93b863d68a250edcccdc8f8dc81a3e8267cc61781f2c33da6799ea62fd0da21af484782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
716a7af90fc80f72b75a2ef27c6766f0

SHA1
74759a6125ad6382696b34226a2056bc7bc8bf54

SHA256
16d5d0d509105a4ed99ed79ccafa4632510a94dc750bc8d8de8cd004e9e75ef3

SHA512
1c329d780af96947bd8d64065ed435c067588d512dc51e3bd509030401f380f2f640a22d15d120e13a9d5afe1f03ac2b79fb39763b4a0e9ee43f85445d9e8720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
75c782d3df4df73cec1ea50366442e49

SHA1
4391661af89030baafc63f34a1517604d55021d4

SHA256
49ec17fa23b56d71bcecd12d82f51a849d5a1e8b8b4f5717131b10c9ee651a49

SHA512
5a021549346bc0131690fc2068cbc33622b139c74a84537e97f97feccf13fdc81cdd37222468d84cce095c7202a11d9950e09722249bb6ce5d8360eb48dc87a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
909012b37e5c520fdbde16185139d085

SHA1
99f7ef136dc893d98499c2507749d010263dc94b

SHA256
5d9e82e60f40df32ebd81a2d29382855e51a52ceb8b6e4afb686986987c34437

SHA512
1817429283962e1dbf449572a1dc3f4b37d15ac3e5e160b07d74a07ab94a25a70dc8ee474a03a892c43aae737fc60be53cbc00069a6f8478eb2beb25f42b719b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e25072e16ba7dd19fd7d07677e5a55e5

SHA1
a1284855ffe8524dcd0e2173df8ba05bc5ca91dc

SHA256
53551ea5a3de78313054ad6eb8fb8a0e2d82589666645ee9d31c7ccf86d74f05

SHA512
2167b54f0a5a696dae7d7ad2772a9573cebefaf12eb2116f3e7cb41ae80f29fb32a7a46517e313c712297f79aa986c14acd7ee796981ea91d9c3b24fc70c7547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT~RFf786ab5.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5adfcbc5d869eb00f3e371333f1719f2

SHA1
4eae8e1267532f8f9f5b0406aa8dd23ca1e666dd

SHA256
d6d92092c0db79826640ea59a716e0bb461fe8ea8b84c2d6b21161fd6c5659ae

SHA512
ce28dd3b9313a01c7b5e20fca6bde311791d4d121a2cdf962cd6a0ff448f570c4a57eda732bf4e3b02b5d48ce817e7a6a050db65600b1a98cfe4a2ee7168dbae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
719f812646f841e5701ec6a7bcaa4e17

SHA1
c11a9c52a7277b78303ade921610903843d34acd

SHA256
bb4002ae0d37a7a90b57455400fe3cf4608c209ca335886e7037d46e90a76a59

SHA512
5a0a61eb2bf36b3b1b96f7249b752cc6fc846cb3666705c3ce8fc01a10e479d124849f47285202f8e68b580cd9c9cf2a718af79d9f22dee23491a55b99ce6daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
61473f3389fd92718a6bad32d319680d

SHA1
ba1254eb368de3957a4ddf7cec7c63b3a237334e

SHA256
6f6903f17e1f314ec53e38604db330be25d8741b17041e20215e1e0394c76502

SHA512
599d7676b95ebd5a70a241f54ac3593399b579d7e7a6a18873e76fbc6870ad3a3340514eb3fdc30e2150605fe79fe9b6f373b686027927973024028abbbfabaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
659d2248b02bb042074c74917954c6ab

SHA1
37e5a9b119d65e5853f37f10aade4bad170cf96b

SHA256
2d2fea388410d2f60ef24252c1be1305329b26d28f627ca8a27621252f8680ab

SHA512
e30f1d9a3e365bd21c6c17fb37daac72d33ead21d6040ce6f25aaf118ee073082a38e9742777d25ed56e8d9d6ffa1f1a1dbb53d2e774b2224acb90c2165ee7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e6c08b3ee5292e7e88f1cc058ab9e5e

SHA1
7ad3ace15a0a7bb5e9cf4c90d98dc863f0d4593a

SHA256
fa074bdf6ea6e4c852f829b388a80904e6a8e5fdf3d100f1a7786f3ca55c42c3

SHA512
ce5883a8c9c15d16481b39a450385e7ab40728ca104fa3046ff51255709bb94d0b49d0b3f07e51d8566180f6e283e10744921930b70bf5e76193b87a0c893167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
78e415bcf45978d38bff7d8ba0a700f7

SHA1
743c41c9b0fc39096246720f24437e6db5c5a6e6

SHA256
745dbe0f32ed8a4ea1ac80e547fe10415a7e55bee21460168feeb251adfcef2e

SHA512
d3911c392e19eca202ce4eab79985830360e4a6e150bc068548fef94991ab18a8dac5169012d563766991cdf7ca40359adcc736295a6ae7d7369e3c67b6ed862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
10487c15bb0fb963b7ebe374fdb74a9d

SHA1
798dcab181618f5cf1eede1b4c8d26e4d167d811

SHA256
0cea386a40dd71eaf4d0194d45aadd2fffc5ca6cdff947f3be0bafe6d1dc5682

SHA512
f9e500a77bb39229fe4892f56a15997757284048f1722502589d836aaafee53bbd5d1e98bc06c3190f1577f2f9abb39be69dd98854e30b46efffdc32d4e32bdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0cb8a03146b6e6c161b3b97fe0edea31

SHA1
726b3e4d2e4800ff1e4da497f4e6cc9957b6e699

SHA256
cbd4e63368e1067042cb4cbf9578dbad352b1312facc05f5f8a0922984c05cb5

SHA512
c1f464e55475bab816ab716695bdc893635dc41a1e83ac183e93834c225a033fd72ddf600ed7d2270f5de494bb0efe98eb3010b938440207fb991a090cd4ac0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
344KB

MD5
41e3a466ff0b4d0def150d4e2235ba68

SHA1
790ad6e84925eff259fc8674024ef5bcffb65e55

SHA256
1194645f6e8097417b58f1d3197c3a7832dbf88124ef71516634f44fc2a3f4bf

SHA512
628b4dd7511077c2a8065477a095e47c6def29b4c67c1258fc984f15e1df57cfb3e2f07746984fb327ba47ebe4010efcc3543e8a050848de8e194297d34cb78a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f0754dab-dc9d-4e9c-935f-8a4500269462.tmp

Filesize
344KB

MD5
4c40d05b48134319bb3099704452bf3e

SHA1
617f5bb336db80d71fb9c6dfc34cdd5c24f00b5d

SHA256
ed275753f4ea611508b01d415b5284d6bccca1aae844521d231aa27085acd7c8

SHA512
2b891c0afbdfb83c08707bcc58c017c78e3f469dec5a0837fd51d7c54790c70af9d3f3f0b9dd1f0bed92fccf1197967cd666b6aaabe46b8008dd83efbca8df08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[1].xml

Filesize
512B

MD5
eaf1db9ac9593ffeaab3c208d2a9b39e

SHA1
f486df653d8cc13deb29751a5c829ab9b4826ebd

SHA256
185cc92b2cb397d2ab273183f69f4fd9989d9ff5c7231efb9b287d5dd6ad8ae5

SHA512
7949e173990da6196f9a16e9bb4c06f5699f6aa5d417114dd1d988bfcab1a2ea8d70a2a7657105765a65fe1929bcf6905bf294e4e226cf942f90fcacee27d70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[2].xml

Filesize
513B

MD5
d9e6830447f7cc5e2407111fb9c807aa

SHA1
fd3c6bcf99fa01a4cd6e69bf2e5d298ea4299c4a

SHA256
dfb1d24af8d2c82f50f64255b2ed3b6729b0cc77e69db722d522627ffeef3e38

SHA512
cd9ae09dff356484da8c9d78b44450f4b31c501a2f09b16d51e627624a252d785fe08bed5ebf2e09878b0579c460de3c79dddc7b67268ff17d4dd9597005cbea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[3].xml

Filesize
514B

MD5
498235b2f493f9fefb26b10a5d3a0704

SHA1
cab64867a6f13559954de5d8c50e40e21b1a36d9

SHA256
b107dd326226f35f8dc9e8741d3d1be3e8dfe430fa92eabc10b8ecfad1d325bb

SHA512
3d84091dc3439548948eb7fa71cbd2f4ae2f15b09876ca0a723071864ea75672ca0c32051b52f8c698ffa29dd2b2e35524bd0f0fc3144ad9c1313a27f99bb8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[4].xml

Filesize
517B

MD5
3417bc4e520f36dd5a0f933342e9b246

SHA1
03728138d5676dec40c16f467f4d7f282407f461

SHA256
1480a2594b903900dc1c516698e348c0eaebe8c62805879525313a9d5348664e

SHA512
85e22fba98f2ce8e7394305561414bb55e50f29a62457f94412e3dd54912a579fd3baea05c6d068f491aec7fb3823252f50f3003bf7015f76f06128bba31ecf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[5].xml

Filesize
529B

MD5
193cd024a962c2666f4394314f846621

SHA1
f764ca21591ab4f17c069d02311e902e2bdf829f

SHA256
eb4e2a0720511bd98626b9a19caf01ac10ba1da05f4dfbf1b23bb78d19426a38

SHA512
40e88c4817875dfbd935319107a36e6f16f81dab393c6d36529b352a0e2865db46581681d8a3f8d48bd2a3b6293b7f42c8470dd364692c114105fa8cf81b4b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[6].xml

Filesize
526B

MD5
ad00fa2a01d3fe8f382c4bd32e911931

SHA1
a428cf23c44cb41a2f8e9401e6e64bab685c2c37

SHA256
fbd46d6e1cced2d8ba2b8f51279af6b11c9f663328649d7299602383896c41ab

SHA512
976cd71f38e9aed1355ba3c4e3b8f0965bfd1e83090a3b636485dacce683b330e708344068773bc05d3d23dd483f08b34725c5c890a24f73a7ae0bd683f8d56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\qsml[7].xml

Filesize
539B

MD5
094fe2e05d79fa1dcd7f49ea03deeb98

SHA1
2724a0544c8731292543101db4258da80449f03b

SHA256
c14d73f44ef5412841546448c2283d7eb2083b03f73e2f27ef587540e7fa75f3

SHA512
0dc4d349da7d4315fd3e9df5536f5106f00e5f5811c9dddade1494953862176d899835f62cd44ee568ad5195d9c5e8879cc3461d96ad9623428390de779b3821

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5B8B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BFB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24962\python311.dll

Filesize
5.5MB

MD5
387bb2c1e40bde1517f06b46313766be

SHA1
601f83ef61c7699652dec17edd5a45d6c20786c4

SHA256
0817a2a657a24c0d5fbb60df56960f42fc66b3039d522ec952dab83e2d869364

SHA512
521cde6eaa5d4a2e0ef6bbfdea50b00750ae022c1c7bd66b20654c035552b49c9d2fac18ef503bbd136a7a307bdeb97f759d45c25228a0bf0c37739b6e897bad

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF6B0AB8425DF54F5F.TMP

Filesize
16KB

MD5
6e5b86a0fe67a0ad49f2146ba16788b8

SHA1
c56a37c13eea565a530515d3ddd60c88facec062

SHA256
ee6b4a0d51785da1e6795c3e609c15b872c98b926c9159513d4fd0db21523de7

SHA512
7d2f736c301e3eec949e3d3295633baac189a8ff038c83c98de236f8397bb560bc6dc3b7f01cf2c2cd3502568728e49e9a06518a0bd9b883acf13e740c1599d1

Download Submit
memory/2088-1161-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2088-1165-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2088-1159-0x0000000076E80000-0x0000000077029000-memory.dmp

Filesize
1.7MB

Download
memory/2088-1158-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2088-1160-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2088-1166-0x0000000076E80000-0x0000000077029000-memory.dmp

Filesize
1.7MB

Download
memory/2496-1-0x0000000076ED0000-0x0000000076ED2000-memory.dmp

Filesize
8KB

Download
memory/2496-0-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2496-2320-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2496-2-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2496-1164-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download
memory/2496-1157-0x00000000024E0000-0x0000000002E25000-memory.dmp

Filesize
9.3MB

Download
memory/2496-3-0x0000000140000000-0x0000000140945000-memory.dmp

Filesize
9.3MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response