hxxp://roblox[.]com

Resubmissions

21/02/2024, 21:53

240221-1rvknafh2x 8

21/02/2024, 21:53

21/02/2024, 21:52

21/02/2024, 21:50

21/02/2024, 21:46

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 21:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{39D807BA-62D7-4DDE-A696-2A638ECB3DE5}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
2108	msedge.exe
2108	msedge.exe
3508	identity_helper.exe
3508	identity_helper.exe
3212	msedge.exe
3612	msedge.exe
3612	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe
2108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2620	2108	msedge.exe	39
PID 2108 wrote to memory of 2620	2108	msedge.exe	39
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 1540	2108	msedge.exe	85
PID 2108 wrote to memory of 4448	2108	msedge.exe	86
PID 2108 wrote to memory of 4448	2108	msedge.exe	86
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87
PID 2108 wrote to memory of 1088	2108	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc733d46f8,0x7ffc733d4708,0x7ffc733d4718
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2855446462249416350,2141404798754498888,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
97KB

MD5
d347e96ce4517124b58ded44d539c691

SHA1
cdf955ccc2a9edbde36fd89c385d86189e44a1eb

SHA256
fa785a5e3361dd9bdb4b0b2154d071e690d668364931b24f706ce639f517a11c

SHA512
cfcaf432f2440f8fd43d68ca2f1f0265c44c0356d90555e0266b38239afd89ba625eda927a34a9431bc1319440d1d2ebbeb0b027b46bb127fbf803672d50ce5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
49KB

MD5
7e76e07ee938c1eb57c0b9fa7c705537

SHA1
acff5e7503c356f75e8e447b75c128d3bcd7d7c7

SHA256
28b1996d337b0ebf3b0ece1dbeddfa24a20ee68b6ab0e24f7cc4bf87831c2d48

SHA512
dc665156a5cf12f7ef2baecc17a4c10333b2a9bed8ad0306bd85967357add6c695385cb105b494a1f246d2032a892ff7381322bede8379473c8179c3635da85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011d

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ba257d9d5cc6e4f612799f5bcc028a8

SHA1
8eda95df2ddd89de684d1bdd6ffbaff6ece820fb

SHA256
ec1a679ccd5745c98da557a216c79a313cef02b6ebbf5a78c5d22ee2c1167beb

SHA512
7f3de1dac0ac57ce9e5ef5b4c50f43cbd0c2fe9c84662dab8710c954ca5c171a7bc53a396c207fbbab19f527f7d79c09be4ebdb685b2b0845328a577e2848a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
efbec5fddaf4dc5d2708dea10b7d8a94

SHA1
ecf8c0b6d42f2525019796b23a07aa5031114936

SHA256
f25aaab704637f6bc62de2323f2b083374b6cd0d6789adf44c149f47e11acaa7

SHA512
1443920edd162b8a3c9222fea5e9d747b704d7c01b3f8d19d8c82e2051ab1bacc4f2b650e431f36ea9633d02b588fcdcfcd71ae5970c29a248818adfb842e50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9150e739f913a68391bdfb41c8356498

SHA1
f045b9bc23cc00e488add270d550cdbde3f66010

SHA256
316aa5634a23e88dde6408a8f2eef2b1ede5f8589b719ccd131699662ea0d218

SHA512
d5af5bbf30301ec0acf94dcdb329ba80223f0792a8304ef5f7cec89ff7cf706b4abfd5f3925355d61e239299e6cc66973f04bcf3a728cd595d575747c6f30715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
897328675616d70b795c8dc17312f453

SHA1
7c77947a75b92b7ccde6fee906b4f766dc93d99b

SHA256
f95461cde9c42fd0968c8a8c6c943a81e8f8c8210429f55f325878d1f366c8a4

SHA512
e99151b813fcb977face17bc69fdc4fa730223a3324e205575111ae2ad4c568f647cc4bb3db69e5e7cf9515f9c23e0941be45e0f97dc4013a408d353c8f4069f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
988B

MD5
ebade9d27ad46a8e02a34eec0251621b

SHA1
35873d730c1f9dc4386ab6dfcbf6fe6f1da25934

SHA256
5c7746a071ca976cc66136caa9a1e55e0c19332c8b0ae6f8a36393eb6a58e806

SHA512
ce606a9c762134d5fd42fada75e203fae699e0d52fc99b0caed783a7c942efd8eff522a0ff4392372ad88ed952dddb0dde6bea2185b8f1d0de592efe8e7ce21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b3c204473a0a9e4972bde8d16b7eeef

SHA1
c1bc93637d5108922601c9368f1858a570f3900b

SHA256
933658af09177a643f22f66411dfdf2112e5ac0e282138a17b730c8b47b6abab

SHA512
57e82fbb613cfd312b7afd3d2ab8fc37c32ff7dd3cc5211f7cca31e829129188d090ad48a8f8d0e6550d7748d6c3fd18c008eb53e8eba0ba8b611bda7daf4ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4f835a2068743551fdda5fd4c666e3a

SHA1
857afe3134275ed4581e64ae0c61266d6d7ae9b9

SHA256
d340ebc02d29226758386904d7a96cb261ec0130ba11c4c92053e27f72d76e3b

SHA512
b224ff76d8db77e89860fd745fa3774fd00bb9b5ef5da0689a7b6e8bc09205bba8ad71ae7962008bbad5155ae602bb015ab0bb7349f4cf96b44954fa062a8a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5dab2bb2649b5c6bc8afe5c029a101b

SHA1
e32a22af438611e529de00105ae2cdd898348102

SHA256
217c1da2799b5c86a0ba3f69e2cba3814fbf3fd045982b4602b059d5e4575588

SHA512
6a7c96f20a6685f5cfd00d5f8949237959054275669b365fa853f26b60f777a8dd91213b516f6f2f2adfd1a1f04a4d8d37a5d110417ee839f358496efef27a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7085250f2aa05aa72e7770f247fb3b4

SHA1
62fb30f064b75454ffe8f4f78cb85544355fa45d

SHA256
423c2819c55648be97db7d7b80ed6c99570651166c0ad118317d4b8fdfa7333a

SHA512
487ff6357c382f4ae95a69b4a95342e202a055835632929e8d5af65bf4d314cd88ad1da5262ebf4403bd2a4b67607f257880e59c1f0c5ab1e3ee0768fac2bde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fe558f5f6066eec9e4a1b3904b7a03a

SHA1
7d83508300cd7a9f2097b18d84ea6c702f20274f

SHA256
3392a4b354236e139e3885508b8b6e9e76454ef71a45f4f084c900222d9d4eb7

SHA512
c3ab7c13388aa3f2cfc799505b8d9c1074a11858377b327e1438cfcdd9aed82fa928463c4043227ccb6b7702eb41080816093bca22f7c6b59c6d35ebb8d71f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6b24fb9cb6a96e95297831e87b7e4918

SHA1
ac9db76663d6b5eaebebc030866acd284c595f0d

SHA256
f691f223c3c111ce87ddfb7c236890880896a2d27b3574a0f2b407350d4fa0be

SHA512
02bb5addd2a254dacf27b4b17f7b78a3a62e9920c6e824da6427dc1635acf671149503d9781f9f002f31657a300fa946b70489352db0d2aa067e0fd5ba6a214c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ffd27a8fe6eacbb45c7308bc99092061

SHA1
18e23c99d5a11bfdf8fa09d6218867f24e4a58c5

SHA256
34d07a2f4e91b20c3bcec8b5f3bcdc0c1b19ae9196658514d86c65fbe4f4d57a

SHA512
26a8ef625fa17ca9997b50caa66fb156fedde8a36a7539ea305775f0c18b1a79e680c0d53df15dca3a36c228d06c91195c6988fa1fac1252ae3f716136b4b5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9cc61f8d7c0e5ba5455fbf420bfb83a1

SHA1
5b76d963c01f9846425e8f5091b7316163132d37

SHA256
5835152c134d65b86ff50df3c108bfe0308b796002358a597e7e634fc9cf01b7

SHA512
6e59eca574c88abbddea1dd71c7b55466ff28baaa2f652a5bcf9563fd1de1b24e15556f02fb6fe8436feab369a8b5b3b9e6f1af2b128947ee768de88838b75a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f11854533523fb97284b3f7b4592d2d2

SHA1
3fbfe280d3bb9031c79aaa27bbc7c06b78324176

SHA256
a1129d5d44e8aaf706fccbb5d480a9032f081c764bee373babb38adf37bff2f2

SHA512
5078352cdc25bf82f41f20dac73906edc2656069e282df758946748be6d6c1cfba7c69c682b0b0fb18518ece3be63aad2755a0d68f0ac1dd8597d4954f71d3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8cbbc549ca78d34e623ae6337c488f24

SHA1
76414fac5bd88651c7d07fad2fe4ea6ca3076a78

SHA256
a5a0289048be5df5bf07d0e6e0cbf8e1cd8554aabcb9e763d4ef050b4c437f49

SHA512
362ec0adb23b6f1c7a6aba7b9f31368527c3c27d2fb3a53bae0d98cbe3df5ff39e57c927772da4e36b53f8513623322149b6e0f9bb2ff0f9b0a99a52b57946db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5b32fe57f73250ac04ef2cafc5aa1120

SHA1
bf498804ecc796658f5b125938283293158d379d

SHA256
425a2d09ba727e97799fc402932a0e7f83ab5fdcf9289b110f65d7e2cf699167

SHA512
255f6460403a70bf76547b1c42533c6855db6fe97d0fde2151404f207be61db189a1d846365b94eb6e84cd4bbfe304485f1c1872871aea5f484902ce02229125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6727037082f358e072edf8e6645e6dfc

SHA1
64a5386c68382ceea559cb76f2da82fb2fc29380

SHA256
7226a5bb198834141abe8f4ad59dcf87d41a1af6a72ff4c0ebc0ee30665d9b31

SHA512
ebc343717c4b2b009cafc33e2d5ad58db6a129fad057126b2bb0ac639e229421e2043fdb578487770938f6293e93d39cdc9b557aa6319f8d20163d1c102a079c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
517b662e12c1d401ee9a9110bcda0f1c

SHA1
8efb7021b7084dac18d29f82272f36c3d57e251b

SHA256
88f9d89a5f61807a29e2f6f4e42889d5c147f47ec9359f9942a5825e088d731f

SHA512
1a60429ac89477d75ef33e370f32dc0bf143b770ea963f7f8707f4f72423814768796aa453dbd0bfa70ddafba75d1e14154ba46aeb69deda15eaa9c1583c6a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0c1f2c292affc4ea6295b443a67ccf97

SHA1
6181a9d5fa28710d60f6396217a3dee920e8f9f5

SHA256
7f63bd5ea945e4a5077fe8920fd3fc52e715a3c25e9d1eb91b41e045e485b842

SHA512
0df4a9a4b40c42810fe6f9b517e52fbdcbee8abfd7764f9e38792e14ab0bfe05ce36ba1195da832b6bda93c2a198b75f6acf3dcfedaffbe8ad4c6e73e78ef0db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b9ea.TMP

Filesize
1KB

MD5
8a18ceff01753c50cf8c994f3c0eb875

SHA1
0e397480eff2c2e082fcdc2bc1f0f3f64c68dda9

SHA256
636932aba0580003e16440f7a2649c32c4665db610d5d09725a5aa4ac0148d7c

SHA512
de451ea4fd69aca9b0d695325734431fe76116149f01130cbaef7f6cad7de807842e8da2114b4b2f7789c714f3b21946ef98c7c5b543ead7dd93faf2a3bc2d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48a1a9a0d311b5ca71b383877e1f6a96

SHA1
e8db5b71ba50446c0f58ab1418aeefe99d8155cd

SHA256
420a5c926e6ea8daf1331c8ab2d3f6aedbd453365198efb3df7e7eccbc40e640

SHA512
08f01ec364ed0d488c50a1da03a9825c2573e8089b884544543e23cb0e2053b3047768220b857b3c09a6231396832f5cead462f9f792a3aca8d5d35b2544356a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit