hxxp://tiny[.]cc/vihd001

Analysis

max time kernel
43s
max time network
43s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 22:23 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tiny.cc/vihd001

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865509964616431"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{50CE3F06-B350-4D76-8CCC-F25171A7DAB6}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-869607583-2483572573-2297019986-1000\{17F1A543-2AA2-4598-911B-D069D994F2F4}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe
620	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 2160	620	msedge.exe	86
PID 620 wrote to memory of 2160	620	msedge.exe	86
PID 620 wrote to memory of 5020	620	msedge.exe	87
PID 620 wrote to memory of 5020	620	msedge.exe	87
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 3660	620	msedge.exe	88
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89
PID 620 wrote to memory of 2652	620	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://tiny.cc/vihd001
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffd5402f208,0x7ffd5402f214,0x7ffd5402f220
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1832,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2280,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2440,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4284,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4300,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3720,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6340,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6352,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6548,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3464,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4488,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7008,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7156,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=4616,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=7532 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6996,i,15920227598855468176,1887346981551428236,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:640

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:3548

Network

DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net

edge-microsoft-com.dual-a-0036.a-msedge.net

IN CNAME

dual-a-0036.a-msedge.net

dual-a-0036.a-msedge.net

IN A

13.107.21.239

dual-a-0036.a-msedge.net

IN A

204.79.197.239
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
DNS

tiny.cc

msedge.exe

Remote address:

8.8.8.8:53

Request

tiny.cc

IN A

Response

tiny.cc

IN A

157.245.113.153
DNS

tiny.cc

msedge.exe

Remote address:

8.8.8.8:53

Request

tiny.cc

IN Unknown

Response
DNS

clients2.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN A

Response

clients2.google.com

IN CNAME

clients.l.google.com

clients.l.google.com

IN A

216.58.204.78
DNS

clients2.google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

clients2.google.com

IN Unknown

Response

clients2.google.com

IN CNAME

clients.l.google.com
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net

edge-microsoft-com.dual-a-0036.a-msedge.net

IN CNAME

dual-a-0036.a-msedge.net

dual-a-0036.a-msedge.net

IN A

13.107.21.239

dual-a-0036.a-msedge.net

IN A

204.79.197.239
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
GET

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:YZZPSjZT5Mn9wPd_MXzkMx3R0wxfjp4nRyrcKCt5gsU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

msedge.exe

Remote address:

13.107.21.239:80

Request

GET /browsernetworktime/time/1/current?cup2key=2:YZZPSjZT5Mn9wPd_MXzkMx3R0wxfjp4nRyrcKCt5gsU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
Host: edge.microsoft.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Sec-Mesh-Client-Edge-Version: 133.0.3065.69
Sec-Mesh-Client-Edge-Channel: stable
Sec-Mesh-Client-OS: Windows
Sec-Mesh-Client-OS-Version: 10.0.19041
Sec-Mesh-Client-Arch: x86_64
Sec-Mesh-Client-WebView: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK

Cache-Control: no-store, must-revalidate, no-cache, max-age=0
Pragma: no-cache
Content-Length: 100
Content-Type: application/json
Content-Encoding: gzip
Expires: Mon, 01 Jan 1990 00:00:00 GMT
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
x-cup-server-proof: 304602210087C9ED9A02338177ECB494775DA55ABA6AA28A77856744C69357BEA17DC4A8C902210092F0EC9B05AE6F76B675D2202DD7CDC87BAE4E0423D31E773A892FF0D04B20C9:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Content-Disposition: attachment; filename='json.txt'
X-Cache: CONFIG_NOCACHE
X-MSEdge-Ref: Ref A: C637036069924B2D917CDC16046847CB Ref B: FRA31EDGE0818 Ref C: 2025-03-15T22:23:14Z
Date: Sat, 15 Mar 2025 22:23:13 GMT
DNS

tiny.cc

msedge.exe

Remote address:

8.8.8.8:53

Request

tiny.cc

IN A

Response

tiny.cc

IN A

157.245.113.153
DNS

tiny.cc

msedge.exe

Remote address:

8.8.8.8:53

Request

tiny.cc

IN Unknown

Response
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN A

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net

e107108.dscx.akamaiedge.net

IN A

2.16.34.97

e107108.dscx.akamaiedge.net

IN A

2.16.34.90
DNS

copilot.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

copilot.microsoft.com

IN Unknown

Response

copilot.microsoft.com

IN CNAME

copilot-copilot-msft-com.trafficmanager.net

copilot-copilot-msft-com.trafficmanager.net

IN CNAME

copilot.microsoft.com.edgekey.net

copilot.microsoft.com.edgekey.net

IN CNAME

e107108.dscx.akamaiedge.net
DNS

clients2.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN A

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com

googlehosted.l.googleusercontent.com

IN A

142.250.178.1
DNS

clients2.googleusercontent.com

msedge.exe

Remote address:

8.8.8.8:53

Request

clients2.googleusercontent.com

IN Unknown

Response

clients2.googleusercontent.com

IN CNAME

googlehosted.l.googleusercontent.com
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN A

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net

a2033.dscd.akamai.net

IN A

2.18.190.170

a2033.dscd.akamai.net

IN A

2.18.190.174
DNS

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN Unknown

Response

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

IN CNAME

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com

IN CNAME

cdp-f-ssl-tlu-net.trafficmanager.net

cdp-f-ssl-tlu-net.trafficmanager.net

IN CNAME

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

star.sb.tlu.dl.delivery.mp.microsoft.com.edgesuite.net

IN CNAME

a2033.dscd.akamai.net
DNS

www.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

www.roblox.com.ni

IN A

Response

www.roblox.com.ni

IN A

5.252.33.158
DNS

www.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

www.roblox.com.ni

IN Unknown

Response
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net

ax-0002.ax-msedge.net

IN A

150.171.27.11

ax-0002.ax-msedge.net

IN A

150.171.28.11
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net
DNS

edgeassetservice.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edgeassetservice.azureedge.net

IN A

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edgeassetservice.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edgeassetservice.azureedge.net

IN Unknown

Response

edgeassetservice.azureedge.net

IN CNAME

edgeassetservice.afd.azureedge.net

edgeassetservice.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net
DNS

css.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

css.rbxcdn.com

IN A

Response

css.rbxcdn.com

IN CNAME

cssns1.rbxcdn.com

cssns1.rbxcdn.com

IN CNAME

csscfly.rbxcdn.com

csscfly.rbxcdn.com

IN CNAME

roblox-css.cachefly.net

roblox-css.cachefly.net

IN A

205.234.175.102
DNS

css.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

css.rbxcdn.com

IN Unknown

Response

css.rbxcdn.com

IN CNAME

cssns1.rbxcdn.com

cssns1.rbxcdn.com

IN CNAME

cssaws.rbxcdn.com

cssaws.rbxcdn.com

IN CNAME

d1kpbbfl4rco16.cloudfront.net
DNS

static.rbxcdn.com

Remote address:

8.8.8.8:53

Request

static.rbxcdn.com

IN A

Response

static.rbxcdn.com

IN CNAME

staticns1.rbxcdn.com

staticns1.rbxcdn.com

IN CNAME

staticaws.rbxcdn.com

staticaws.rbxcdn.com

IN CNAME

d143j4fdqe1jki.cloudfront.net

d143j4fdqe1jki.cloudfront.net

IN A

3.162.38.58

d143j4fdqe1jki.cloudfront.net

IN A

3.162.38.66

d143j4fdqe1jki.cloudfront.net

IN A

3.162.38.18

d143j4fdqe1jki.cloudfront.net

IN A

3.162.38.51
DNS

www.bing.com

Remote address:

8.8.8.8:53

Request

www.bing.com

IN A

Response

www.bing.com

IN CNAME

www-www.bing.com.trafficmanager.net

www-www.bing.com.trafficmanager.net

IN CNAME

www.bing.com.edgekey.net

www.bing.com.edgekey.net

IN CNAME

e86303.dscx.akamaiedge.net

e86303.dscx.akamaiedge.net

IN A

2.16.34.130

e86303.dscx.akamaiedge.net

IN A

2.16.34.107
DNS

static.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

static.rbxcdn.com

IN Unknown

Response

static.rbxcdn.com

IN CNAME

staticns1.rbxcdn.com

staticns1.rbxcdn.com

IN CNAME

staticaws.rbxcdn.com

staticaws.rbxcdn.com

IN CNAME

d143j4fdqe1jki.cloudfront.net
DNS

astro.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

astro.rustyend.net

IN A

Response

astro.rustyend.net

IN A

5.252.33.158
DNS

astro.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

astro.rustyend.net

IN Unknown

Response
DNS

js.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.rbxcdn.com

IN A

Response

js.rbxcdn.com

IN CNAME

jsns1.rbxcdn.com

jsns1.rbxcdn.com

IN CNAME

jsaws.rbxcdn.com

jsaws.rbxcdn.com

IN CNAME

dw04ej0wrfjel.cloudfront.net

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.55

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.99

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.58

dw04ej0wrfjel.cloudfront.net

IN A

18.244.28.113
DNS

js.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

js.rbxcdn.com

IN Unknown

Response

js.rbxcdn.com

IN CNAME

jsns1.rbxcdn.com

jsns1.rbxcdn.com

IN CNAME

jsaws.rbxcdn.com

jsaws.rbxcdn.com

IN CNAME

dw04ej0wrfjel.cloudfront.net
DNS

images.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

images.rbxcdn.com

IN A

Response

images.rbxcdn.com

IN CNAME

imagesns1.rbxcdn.com

imagesns1.rbxcdn.com

IN CNAME

imagesaws.rbxcdn.com

imagesaws.rbxcdn.com

IN CNAME

dapx4swc8lj69.cloudfront.net

dapx4swc8lj69.cloudfront.net

IN A

13.32.145.114

dapx4swc8lj69.cloudfront.net

IN A

13.32.145.6

dapx4swc8lj69.cloudfront.net

IN A

13.32.145.71

dapx4swc8lj69.cloudfront.net

IN A

13.32.145.74
DNS

images.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

images.rbxcdn.com

IN Unknown

Response

images.rbxcdn.com

IN CNAME

imagesns1.rbxcdn.com

imagesns1.rbxcdn.com

IN CNAME

imagesaws.rbxcdn.com

imagesaws.rbxcdn.com

IN CNAME

dapx4swc8lj69.cloudfront.net
DNS

roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

roblox.com

IN A

Response

roblox.com

IN A

128.116.13.3
DNS

roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

roblox.com

IN Unknown

Response
DNS

metrics.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

metrics.roblox.com

IN A

Response

metrics.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.4
DNS

metrics.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

metrics.roblox.com

IN Unknown

Response

metrics.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com
DNS

api.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

api.rustyend.net

IN A

Response

api.rustyend.net

IN A

5.252.33.158
DNS

api.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

api.rustyend.net

IN Unknown

Response
DNS

ncs.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ncs.roblox.com

IN A

Response

ncs.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.4
DNS

ncs.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ncs.roblox.com

IN Unknown

Response

ncs.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com
DNS

region1.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

region1.google-analytics.com

msedge.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN Unknown

Response
DNS

ecsv2.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ecsv2.roblox.com

IN A

Response

ecsv2.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.4
DNS

ecsv2.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

ecsv2.roblox.com

IN Unknown

Response

ecsv2.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com
DNS

lms.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lms.roblox.com

IN A

Response

lms.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.4
DNS

lms.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

lms.roblox.com

IN Unknown

Response

lms.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com
DNS

voice.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

voice.roblox.com

IN A

Response

voice.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com

edge-term4-fra4.roblox.com

IN A

128.116.44.4
DNS

voice.roblox.com

msedge.exe

Remote address:

8.8.8.8:53

Request

voice.roblox.com

IN Unknown

Response

voice.roblox.com

IN CNAME

titanium.roblox.com

titanium.roblox.com

IN CNAME

edge-term4.roblox.com

edge-term4.roblox.com

IN CNAME

edge-term4-fra4.roblox.com
DNS

tr.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tr.rbxcdn.com

IN A

Response

tr.rbxcdn.com

IN CNAME

trns1.rbxcdn.com

trns1.rbxcdn.com

IN CNAME

trak.rbxcdn.com

trak.rbxcdn.com

IN CNAME

tr.rbxcdn.com.edgesuite.net

tr.rbxcdn.com.edgesuite.net

IN CNAME

a1831.dscd.akamai.net

a1831.dscd.akamai.net

IN A

2.18.190.100

a1831.dscd.akamai.net

IN A

2.18.190.180
DNS

tr.rbxcdn.com

msedge.exe

Remote address:

8.8.8.8:53

Request

tr.rbxcdn.com

IN Unknown

Response

tr.rbxcdn.com

IN CNAME

trns1.rbxcdn.com

trns1.rbxcdn.com

IN CNAME

trak.rbxcdn.com

trak.rbxcdn.com

IN CNAME

tr.rbxcdn.com.edgesuite.net

tr.rbxcdn.com.edgesuite.net

IN CNAME

a1831.dscd.akamai.net
GET

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

Remote address:

2.16.34.130:443

Request

GET /th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/jpeg
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1981
date: Sat, 15 Mar 2025 22:23:21 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.67221002.1742077401.b512868
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN A

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.dual-a-0036.a-msedge.net

edge-microsoft-com.dual-a-0036.a-msedge.net

IN CNAME

dual-a-0036.a-msedge.net

dual-a-0036.a-msedge.net

IN A

13.107.21.239

dual-a-0036.a-msedge.net

IN A

204.79.197.239
DNS

edge.microsoft.com

msedge.exe

Remote address:

8.8.8.8:53

Request

edge.microsoft.com

IN Unknown

Response

edge.microsoft.com

IN CNAME

edge-domain.trafficmanager.net

edge-domain.trafficmanager.net

IN CNAME

edge-microsoft-com.ax-0002.ax-msedge.net

edge-microsoft-com.ax-0002.ax-msedge.net

IN CNAME

ax-0002.ax-msedge.net
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

astro.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

astro.rustyend.net

IN A

Response

astro.rustyend.net

IN A

5.252.33.158
DNS

astro.rustyend.net

msedge.exe

Remote address:

8.8.8.8:53

Request

astro.rustyend.net

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

edge-consumer-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-consumer-static.azureedge.net

IN A

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

edge-consumer-static.azureedge.net

msedge.exe

Remote address:

8.8.8.8:53

Request

edge-consumer-static.azureedge.net

IN Unknown

Response

edge-consumer-static.azureedge.net

IN CNAME

edge-consumer-static.afd.azureedge.net

edge-consumer-static.afd.azureedge.net

IN CNAME

azureedge-t-prod.trafficmanager.net

azureedge-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN A

Response
DNS

assetgame.roblox.com.ni

msedge.exe

Remote address:

8.8.8.8:53

Request

assetgame.roblox.com.ni

IN Unknown

Response

157.245.113.153:80

tiny.cc

msedge.exe

190 B
92 B
4
2
157.245.113.153:80

tiny.cc

msedge.exe

190 B
92 B
4
2
13.107.21.239:80

http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:YZZPSjZT5Mn9wPd_MXzkMx3R0wxfjp4nRyrcKCt5gsU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

http

msedge.exe

883 B
1.1kB
5
5

HTTP Request

GET http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:YZZPSjZT5Mn9wPd_MXzkMx3R0wxfjp4nRyrcKCt5gsU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Response

200
216.58.204.78:443

clients2.google.com

tls

msedge.exe

3.2kB
10.7kB
15
18
13.107.21.239:443

edge.microsoft.com

tls

msedge.exe

3.4kB
8.4kB
15
18
13.107.21.239:443

edge.microsoft.com

tls

msedge.exe

3.3kB
1.8kB
12
12
2.16.34.97:443

copilot.microsoft.com

tls

msedge.exe

2.9kB
5.4kB
15
15
157.245.113.153:443

tiny.cc

tls

msedge.exe

2.2kB
3.4kB
9
7
142.250.178.1:443

clients2.googleusercontent.com

tls

msedge.exe

2.3kB
10.9kB
13
11
157.245.113.153:443

tiny.cc

tls

msedge.exe

3.0kB
4.9kB
13
12
142.250.178.1:443

clients2.googleusercontent.com

tls

msedge.exe

6.3kB
174.3kB
84
131
2.18.190.170:443

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

tls

msedge.exe

3.4kB
20.2kB
21
29
5.252.33.158:443

www.roblox.com.ni

msedge.exe

52 B
1
5.252.33.158:443

www.roblox.com.ni

msedge.exe

52 B
1
5.252.33.158:443

www.roblox.com.ni

tls

msedge.exe

2.8kB
3.1kB
12
8
2.16.34.107:443

www.bing.com

tls

msedge.exe

3.2kB
6.6kB
15
17
13.107.21.239:443

edge.microsoft.com

tls

msedge.exe

3.9kB
2.5kB
17
19
150.171.27.11:443

edge.microsoft.com

tls

msedge.exe

4.2kB
41.4kB
36
42
13.107.246.64:443

edgeassetservice.azureedge.net

tls

msedge.exe

3.1kB
7.7kB
14
12
5.252.33.158:443

www.roblox.com.ni

tls

msedge.exe

4.8kB
30.3kB
38
52
13.107.246.64:443

edgeassetservice.azureedge.net

tls

msedge.exe

4.3kB
29.8kB
29
30
157.245.113.153:443

tiny.cc

tls

msedge.exe

3.3kB
1.7kB
12
10
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

2.3kB
2.9kB
9
8
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

2.3kB
2.9kB
9
8
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

2.4kB
3.0kB
10
9
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

2.3kB
3.0kB
10
9
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

15.4kB
289.5kB
193
224
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

2.3kB
2.9kB
9
8
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

55.0kB
1.9MB
918
1421
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

2.1kB
2.4kB
8
6
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

2.3kB
5.2kB
10
8
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

2.1kB
5.2kB
8
8
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

2.2kB
5.2kB
10
8
18.244.28.55:443

js.rbxcdn.com

tls

msedge.exe

2.2kB
5.1kB
10
6
13.32.145.114:443

images.rbxcdn.com

tls

msedge.exe

7.6kB
122.5kB
83
110
3.162.38.58:443

static.rbxcdn.com

tls

msedge.exe

4.2kB
35.6kB
32
46
3.162.38.58:443

static.rbxcdn.com

tls

msedge.exe

2.3kB
5.4kB
10
10
205.234.175.102:443

css.rbxcdn.com

tls

msedge.exe

8.7kB
225.3kB
127
175
128.116.13.3:443

roblox.com

tls

msedge.exe

2.9kB
7.2kB
13
13
128.116.44.4:443

metrics.roblox.com

tls

msedge.exe

7.5kB
20.9kB
42
51
5.252.33.158:443

api.rustyend.net

tls

msedge.exe

7.0kB
9.8kB
18
12
5.252.33.158:443

api.rustyend.net

tls

msedge.exe

6.3kB
5.0kB
22
21
128.116.44.4:443

ncs.roblox.com

tls

msedge.exe

3.6kB
8.1kB
17
19
216.239.34.36:443

region1.google-analytics.com

tls

msedge.exe

4.4kB
8.6kB
18
20
13.107.21.239:443

edge.microsoft.com

tls

msedge.exe

3.2kB
7.8kB
14
18
150.171.27.11:443

edge.microsoft.com

tls

msedge.exe

3.1kB
7.4kB
13
16
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

2.2kB
4.0kB
10
8
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

7.3kB
111.1kB
91
90
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

2.3kB
4.0kB
10
8
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

2.3kB
4.6kB
11
10
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

2.3kB
4.0kB
10
8
2.18.190.100:443

tr.rbxcdn.com

tls

msedge.exe

2.2kB
3.9kB
9
7
2.16.34.130:443

https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

tls, http2

1.5kB
7.3kB
17
14

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239414284817_1UVYYSBXC4CID8KBL&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=48&h=48&dynsize=1&qlt=90

HTTP Response

200
13.107.21.239:443

edge.microsoft.com

tls

msedge.exe

3.0kB
7.7kB
13
16
5.252.33.158:443

astro.rustyend.net

tls

msedge.exe

7.6kB
52.1kB
41
61
13.107.246.64:443

edge-consumer-static.azureedge.net

tls

msedge.exe

3.5kB
9.0kB
14
16

8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
208 B
1
1

DNS Request

edge.microsoft.com

DNS Response

13.107.21.239

204.79.197.239
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

tiny.cc

dns

msedge.exe

53 B
69 B
1
1

DNS Request

tiny.cc

DNS Response

157.245.113.153
8.8.8.8:53

tiny.cc

dns

msedge.exe

53 B
127 B
1
1

DNS Request

tiny.cc
8.8.8.8:53

clients2.google.com

dns

msedge.exe

65 B
105 B
1
1

DNS Request

clients2.google.com

DNS Response

216.58.204.78
8.8.8.8:53

clients2.google.com

dns

msedge.exe

65 B
139 B
1
1

DNS Request

clients2.google.com
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
208 B
1
1

DNS Request

edge.microsoft.com

DNS Response

13.107.21.239

204.79.197.239
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

tiny.cc

dns

msedge.exe

53 B
69 B
1
1

DNS Request

tiny.cc

DNS Response

157.245.113.153
8.8.8.8:53

tiny.cc

dns

msedge.exe

53 B
127 B
1
1

DNS Request

tiny.cc
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
238 B
1
1

DNS Request

copilot.microsoft.com

DNS Response

2.16.34.97

2.16.34.90
8.8.8.8:53

copilot.microsoft.com

dns

msedge.exe

67 B
267 B
1
1

DNS Request

copilot.microsoft.com
8.8.8.8:53

clients2.googleusercontent.com

dns

msedge.exe

76 B
121 B
1
1

DNS Request

clients2.googleusercontent.com

DNS Response

142.250.178.1
8.8.8.8:53

clients2.googleusercontent.com

dns

msedge.exe

76 B
162 B
1
1

DNS Request

clients2.googleusercontent.com
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
341 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

DNS Response

2.18.190.170

2.18.190.174
8.8.8.8:53

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com

dns

msedge.exe

98 B
370 B
1
1

DNS Request

msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
8.8.8.8:53

www.roblox.com.ni

dns

msedge.exe

63 B
79 B
1
1

DNS Request

www.roblox.com.ni

DNS Response

5.252.33.158
8.8.8.8:53

www.roblox.com.ni

dns

msedge.exe

63 B
125 B
1
1

DNS Request

www.roblox.com.ni
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
205 B
1
1

DNS Request

edge.microsoft.com

DNS Response

150.171.27.11

150.171.28.11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
206 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

edgeassetservice.azureedge.net

dns

msedge.exe

76 B
243 B
1
1

DNS Request

edgeassetservice.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edgeassetservice.azureedge.net

dns

msedge.exe

76 B
287 B
1
1

DNS Request

edgeassetservice.azureedge.net
224.0.0.251:5353

msedge.exe

204 B
3
5.252.33.158:443

www.roblox.com.ni

https

msedge.exe

89.2kB
863.5kB
331
872
8.8.8.8:53

css.rbxcdn.com

dns

msedge.exe

60 B
156 B
1
1

DNS Request

css.rbxcdn.com

DNS Response

205.234.175.102
8.8.8.8:53

css.rbxcdn.com

dns

msedge.exe

60 B
227 B
1
1

DNS Request

css.rbxcdn.com
8.8.8.8:53

static.rbxcdn.com

dns

121 B
429 B
2
2

DNS Request

static.rbxcdn.com

DNS Response

3.162.38.58

3.162.38.66

3.162.38.18

3.162.38.51

DNS Request

www.bing.com

DNS Response

2.16.34.130

2.16.34.107
8.8.8.8:53

static.rbxcdn.com

dns

msedge.exe

63 B
232 B
1
1

DNS Request

static.rbxcdn.com
8.8.8.8:53

astro.rustyend.net

dns

msedge.exe

64 B
80 B
1
1

DNS Request

astro.rustyend.net

DNS Response

5.252.33.158
8.8.8.8:53

astro.rustyend.net

dns

msedge.exe

64 B
127 B
1
1

DNS Request

astro.rustyend.net
8.8.8.8:53

js.rbxcdn.com

dns

msedge.exe

59 B
205 B
1
1

DNS Request

js.rbxcdn.com

DNS Response

18.244.28.55

18.244.28.99

18.244.28.58

18.244.28.113
8.8.8.8:53

js.rbxcdn.com

dns

msedge.exe

59 B
223 B
1
1

DNS Request

js.rbxcdn.com
8.8.8.8:53

images.rbxcdn.com

dns

msedge.exe

63 B
217 B
1
1

DNS Request

images.rbxcdn.com

DNS Response

13.32.145.114

13.32.145.6

13.32.145.71

13.32.145.74
8.8.8.8:53

images.rbxcdn.com

dns

msedge.exe

63 B
231 B
1
1

DNS Request

images.rbxcdn.com
8.8.8.8:53

roblox.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

roblox.com

DNS Response

128.116.13.3
8.8.8.8:53

roblox.com

dns

msedge.exe

56 B
121 B
1
1

DNS Request

roblox.com
2.16.34.107:443

www.bing.com

https

msedge.exe

3.2kB
6.8kB
11
14
8.8.8.8:53

metrics.roblox.com

dns

msedge.exe

64 B
158 B
1
1

DNS Request

metrics.roblox.com

DNS Response

128.116.44.4
8.8.8.8:53

metrics.roblox.com

dns

msedge.exe

64 B
207 B
1
1

DNS Request

metrics.roblox.com
8.8.8.8:53

api.rustyend.net

dns

msedge.exe

62 B
78 B
1
1

DNS Request

api.rustyend.net

DNS Response

5.252.33.158
8.8.8.8:53

api.rustyend.net

dns

msedge.exe

62 B
125 B
1
1

DNS Request

api.rustyend.net
8.8.8.8:53

ncs.roblox.com

dns

msedge.exe

60 B
131 B
1
1

DNS Request

ncs.roblox.com

DNS Response

128.116.44.4
8.8.8.8:53

ncs.roblox.com

dns

msedge.exe

60 B
180 B
1
1

DNS Request

ncs.roblox.com
8.8.8.8:53

region1.google-analytics.com

dns

msedge.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

region1.google-analytics.com

dns

msedge.exe

74 B
131 B
1
1

DNS Request

region1.google-analytics.com
8.8.8.8:53

ecsv2.roblox.com

dns

msedge.exe

62 B
156 B
1
1

DNS Request

ecsv2.roblox.com

DNS Response

128.116.44.4
8.8.8.8:53

ecsv2.roblox.com

dns

msedge.exe

62 B
205 B
1
1

DNS Request

ecsv2.roblox.com
5.252.33.158:443

api.rustyend.net

https

msedge.exe

11.3kB
15.7kB
45
42
8.8.8.8:53

lms.roblox.com

dns

msedge.exe

60 B
154 B
1
1

DNS Request

lms.roblox.com

DNS Response

128.116.44.4
8.8.8.8:53

lms.roblox.com

dns

msedge.exe

60 B
203 B
1
1

DNS Request

lms.roblox.com
8.8.8.8:53

voice.roblox.com

dns

msedge.exe

62 B
156 B
1
1

DNS Request

voice.roblox.com

DNS Response

128.116.44.4
8.8.8.8:53

voice.roblox.com

dns

msedge.exe

62 B
205 B
1
1

DNS Request

voice.roblox.com
8.8.8.8:53

tr.rbxcdn.com

dns

msedge.exe

59 B
203 B
1
1

DNS Request

tr.rbxcdn.com

DNS Response

2.18.190.100

2.18.190.180
8.8.8.8:53

tr.rbxcdn.com

dns

msedge.exe

59 B
232 B
1
1

DNS Request

tr.rbxcdn.com
216.239.34.36:443

region1.google-analytics.com

https

msedge.exe

4.2kB
9.2kB
7
11
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
208 B
1
1

DNS Request

edge.microsoft.com

DNS Response

13.107.21.239

204.79.197.239
8.8.8.8:53

edge.microsoft.com

dns

msedge.exe

64 B
220 B
1
1

DNS Request

edge.microsoft.com
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

astro.rustyend.net

dns

msedge.exe

64 B
80 B
1
1

DNS Request

astro.rustyend.net

DNS Response

5.252.33.158
8.8.8.8:53

astro.rustyend.net

dns

msedge.exe

64 B
127 B
1
1

DNS Request

astro.rustyend.net
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
5.252.33.158:443

astro.rustyend.net

https

msedge.exe

35.7kB
184.7kB
104
175
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

edge-consumer-static.azureedge.net

dns

msedge.exe

80 B
251 B
1
1

DNS Request

edge-consumer-static.azureedge.net

DNS Response

13.107.246.64
8.8.8.8:53

edge-consumer-static.azureedge.net

dns

msedge.exe

80 B
281 B
1
1

DNS Request

edge-consumer-static.azureedge.net
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni
8.8.8.8:53

assetgame.roblox.com.ni

dns

msedge.exe

69 B
131 B
1
1

DNS Request

assetgame.roblox.com.ni

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4facd0ff10154cde70c99baa7df81001

SHA1
65267ea75bcb63edd2905e288d7b96b543708205

SHA256
a13534df0cd0a79a3a1b91085a6d575b47d5a9aad7fc6d712fd2616c0e95a23b

SHA512
ad8d2b965851c0ddc23e92ae151b3b0b2bcda850c446f4278bdb0754d6b42ead8fc034b394749578a27b33ad7e4ab0633f974dfd4773fbe4d93ae477f00b73f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
049e5a246ed025dee243db0ba8e2984c

SHA1
15ec2d2b28dcfc17c1cfb5d0c13482d0706f942d

SHA256
33071ca42c472861a2fabd0f82f8b03ef0daaa6796b24b83f3df02587e4c3d12

SHA512
bc5f6fa6a8cae20ab40eae4552650d75f38ebb158c95288a79d9f332623bb507946513c39d19c00a5aee323df01f0f1a51c54594ef1c293289baf45f4ae2145b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
18KB

MD5
befd9c0fdfa3d8a645d5f95717ed6420

SHA1
c8b43436ab1659f32cc05625389f63e8047f90a8

SHA256
94e5c823e72e71cc20f4bfa29b0434f2260040965d9d066c0e7cb5dc99ffd6c3

SHA512
4d0b790db4323558a9eccadd1df116883b7044e0f7e4dfe120c2c98814e55ceb1bf4cde14e0f6af38541ef723571db0cdf35a2b3ee398af2d3031a9928df1d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
47KB

MD5
d4fe31e6a2aebc06b8d6e558c9141119

SHA1
bcdc4f0b431d4c8065a83bb736c56ff6494d0091

SHA256
c88db2401bef7e1203e0933cc5525a0f81863bfd076756db12acea5596f089ec

SHA512
1cbe7641b8930163ed3ea348f573cad438b646ed64d60c1923e5b8664c3de9c2c21ba97994ec8d886f489e4d090772b010de72a1167547fb4f6a2d242d46aec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
43KB

MD5
ed5dc700154a8539064a21f403bd66f8

SHA1
76e50774073782847d34082fbce6caddbe838025

SHA256
9f742035e113f6caf3d3db34beee760094b250cb2ea265c2cdb31f04d966a046

SHA512
3c13ff62222766c96889fcc3ad53fb207cc01b4a077727e1703455e1a1fa1a3fd75aaed619cf5eb9c910300c592ae5a43a58fbc7ca8503ad87a8040769dc5778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a7e673b2e1910c0b0cf62b4141ad659e

SHA1
ad47092407d39f254c982a7bdfbe407b5d12264c

SHA256
bb073b16968636d58be358ea63cce2973408d82da5e0d6a8dbd7a31dee69ea87

SHA512
03a5ce289aa3cf4b50f51585340c47a399198e4848efee55b6f411ba931f12196ef5ed626182e014f7e9d2eb5418e06d4d6403527a636a1c0d8c4334eda33ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
30cd254aa477694e0e76c6b46696df0c

SHA1
cf0f83dde0a58d24894af3064571a44e1e7ae05a

SHA256
dcefee65829b8d849d6a4dbcbb5c43668f2385daf80215092ac7cdf51e9e568b

SHA512
3885a5fd458dbd451903d6e464a8db6c495a5721413d22ad10af08c6d6192fbcdc340459e818813120c1d3cc1e1ba2ad8f976521a36cf04f77f7e8c57fff1604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
1752607ff9e1de6252ce5aba4068238a

SHA1
9f87756c14663ac347d3ec0daf59c63d46269a23

SHA256
5cb19a4a141e922bc10c43ec6347d7521100886099abf68cfd9e9147f37643e2

SHA512
8d121009dfb85c0b655fc1c2234902de3b71c9ef13e2b5d0463bbf39ccfc12f37498a9978508935e4ba71cbc64885cb86e5742ce8dcd071b1eef5a9b15b14807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
5159e1385ff239a573916ebe8b8ac358

SHA1
614f9f587b7cb95e87c0d4ab85429cdefa0c9dc2

SHA256
9f55c6ef8eb5aa898a093f49aa3799a43648e4eab279543e1b1f385dee2bbdc0

SHA512
beb701cf51fa8d664be63c4c2d9acaa51d6dc2d6bf34bf757e3905c53ad4591cdae577342a960903a965b4ba2bee6d6912d2e96008dd7e6d8efe3b17b538f772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
8f70e415abdd90596508a7cd632ab1ec

SHA1
e96c3e2b57946f2e52a47d2343c6e6e3fec938d3

SHA256
114e6c60ae19b264e5595bb1257c00a7d2215cec131d30e1f37da1d2c6dc1e13

SHA512
712a7eb69b1f460873bcb61aa241734bcea1f7a6b59adcf95dc7e29c2d6329f9f33fcf9aadc82e1a16d68ec771cc0167627cd3a126e9dd36ebcecdfcf7510524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4e4e5fe5e8dc19d758967de7ed99049f

SHA1
40643e48ef4863ab4f1c6376d3be78af1222bcac

SHA256
31880a950151f4ff80e9629ca2f31112b3a4d00f7dc4ef82c5c43b69a10b47bf

SHA512
ddf6b6bf44654009eb598a5f44ad6d0186367fd640237e108c0b54f14a9ba38e889daa7a782900fe2e4889b538e4fb178eac4da3a31cc5e2247eea44d0710bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57f0e8.TMP

Filesize
392B

MD5
d3b3d7b65e5005ab41507cc950ceabd2

SHA1
dc8c3a3aa7a13081696edfdd4e8a88f61e6f6b82

SHA256
adb3df530e8c2642f566faf974cfe444268b5dd37b407c7b5c8b1545098842bc

SHA512
141f906773abb1cfdfdd0ca7927ecd486fee41118dbc8e9d1a5451ca75901aa0bb19d5d3a4c3e604484334a2dead8123971d0f39f1b07449c53efffaf8db0fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cba19a2e-73ac-4490-81ce-fb23fd7a48dc.tmp

Filesize
7KB

MD5
2a5a72a2d49699889ccda172a2b36dec

SHA1
ab46a3cb9adf10967a2517f1d1d935e52980ab75

SHA256
a42bab66278a9b51ff8c440a78f418aec3da3792b51ce2263d3656030b1222e6

SHA512
26b9a36e858cc28991a2957a324fa0e58242dbee06b5a5229dedaac4e3a4f4a43c755f258e9a7b1f7b63d5244161c78fcceb84fb1841b583a46715cc3de7cf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
7d2c0ec980f4915d526854d1a34bd894

SHA1
193e78923dff2a2a55cba4a618e34f03c2f3f159

SHA256
7787c19c41aff1e1a8793f76125f16aba36cdcf7fcc54a41895f3c45e8e1a6af

SHA512
4d3acdb04258b924e2ebe8c95279902eccf5eddf39f0f238b5a7ceeaaec2a00c193ea4d1738d3db12cc451629d20ab9d44bf4a0e25979a713f3c6a56dfa84d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\2a35c01b-6fe0-4962-a126-d879e72b8d5c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\8ffc1913-f1b3-4dca-b375-5e47712b8708.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir620_826686813\d9b4ef81-4e07-4e8a-8051-c184e037df5d.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request