hxxp://roblox[.]com

Resubmissions

25-02-2024 18:46

240225-xewemsaa59 8

25-02-2024 18:43

240225-xc1ataaa42 1

Analysis

max time kernel
150s
max time network
156s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25-02-2024 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

8^/10

evasion spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3816	RobloxStudioLauncherBeta.exe
2208	RobloxStudioLauncherBeta.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxStudioLauncherBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Lua\PathEditor\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\qt_translations\qtquickcontrols_pt.qm	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-573fffbe-e673569d\ExperienceChat\Actions\VoiceParticipantToggleMuted.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Lua\Notifications\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\ScriptPerformance.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\DevConsole\Components\UtilAndTab.spec.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\PlayerList\Components\Connection\CoreGuiConnector.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\JestCore\JestCore\getNoTestsFoundMessage.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\mock\mock\isAMagicMock.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\LuauPolyfill-2fca3173-0.3.4\LuauPolyfill\Object\isFrozen.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ManageCollaborators\arrowDown_light.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\VoiceChat\SpeakerDark\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Navigation\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Navigation\Light\Large\Help.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\AvatarEditorPrompts\Reducer\ScreenSize.spec.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\InstanceOf\InstanceOf\.robloxrc	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\JestUtil-edcba0e9-2.4.1\JestUtil\deepCyclicCopy.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-a981163f-ba94bdf5\ExperienceChat\Flags\getFFlagFixDoubleSpacesAfterPrefixText.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\Merge\Merge\typedefs-mergers\arguments.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\PerformanceStats\BackgroundRounded.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\ApolloClient\ApolloClient\link\http\selectURI.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-a981163f-ba94bdf5\ExperienceChat\Actions\ChatInputBarActivatedTeamMode.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\JestCircus\JestCircus\circus\combined.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\DeveloperStorybook\Banner.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\InGameMenu\Thunks\NavigateUp.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\textures\ui\InGameMenu\TouchControls\d-pad.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\RoduxUserPermissions\RoduxUserPermissions\Reducers\userSettingsMetadata.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\JestGlobals-edcba0e9-3.5.0\JestGlobals\init.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\llama\llama\Dictionary\keys.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\WidgetIcons\Dark\Standard\RunScript.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\llama\llama\List\insert.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\DeveloperFramework\Favorites\star_stroke_white.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\InspectAndBuy\Reducers\CreatingExperiences.spec.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\Collections\Collections\.robloxrc	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\NetworkingAccountSettings\NetworkingAccountSettings\init.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Navigation\Dark\Standard\Back.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\RbxDesignFoundations-4f0cd42b-a744f1a5\lock.toml	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\Controls\PlayStationController\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\VR\toggle2D.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Navigation\Dark\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\WidgetIcons\Dark\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\WidgetIcons\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\Dash\Dash\freeze.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\ExperienceChat-573fffbe-e673569d\ExperienceChat\RaiseActionAsEventMiddleware.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\RoactGamepad\RoactGamepad\Test\MockEngine.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Lua\Toggles\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\textures\ui\InspectMenu\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\Server\FreeCamera\.robloxrc	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Clipboard\Light\Large\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\Debugger\Dark\Standard\StepOver.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\VoiceChatService.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Light\Standard\[email protected]	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\AvatarEditorPrompts\Thunks\PerformSaveAvatar.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\TrustAndSafety\Actions\EndReportFlow.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\LuaPackages\Packages\_Index\GraphQL\GraphQL\language\__tests__\blockString-fuzz.spec.lua	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\content\studio_svg_textures\Shared\InsertableObjects\Dark\Standard\ModuleScript.png	RobloxStudioLauncherBeta.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-b0be9ce0740f40b4\ExtraContent\scripts\CoreScripts\Modules\ContactList\Components\FriendList\FriendListItem.spec.lua	RobloxStudioLauncherBeta.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	RobloxStudioLauncherBeta.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\RobloxStudioBeta.exe = "11001"	RobloxStudioLauncherBeta.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-627134735-902745853-4257352768-1000\{794C9F42-D401-4195-9A4D-6BDFBDCD8683}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 25241.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
3828	msedge.exe
3828	msedge.exe
2640	identity_helper.exe
2640	identity_helper.exe
1316	msedge.exe
1316	msedge.exe
2744	msedge.exe
2744	msedge.exe
3816	RobloxStudioLauncherBeta.exe
3816	RobloxStudioLauncherBeta.exe
4432	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 832	3828	msedge.exe	77
PID 3828 wrote to memory of 832	3828	msedge.exe	77
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 2132	3828	msedge.exe	78
PID 3828 wrote to memory of 884	3828	msedge.exe	79
PID 3828 wrote to memory of 884	3828	msedge.exe	79
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80
PID 3828 wrote to memory of 904	3828	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9ad543cb8,0x7ff9ad543cc8,0x7ff9ad543cd8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6268 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe
  "C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- - C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe
    C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=33db88719123bd6e70c8be814e9c3adf0810f627 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=0 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x7b8,0x7bc,0x7c0,0x708,0x4b4,0x12d25c0,0x12d25d0,0x12d25e0
    3⤵
    - Executes dropped EXE
    PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6844 /prefetch:8
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,1896038884452101754,10045842041686065303,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6856 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
2KB

MD5
0b109a7aa2b507389515f92623e9e2ff

SHA1
19c7d4980c2a8a2b1b71f45598d1359edbab2960

SHA256
195dc5abaff1a15478c17d9c38aa2a7bcaf7f86af3309e12e92d02e8bb2d138a

SHA512
1f4372f6ee2c0ea6de4d294400eb8b73f2c35b760499626577e594eee92bc6561ff1c37907e1cca1e270989496063b14bd1db69bedf528bc8c9675cb04984c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\72BA427A91F50409B9EAC87F2B59B951_2033B9334DC92599122A3B9136FA3F05

Filesize
472B

MD5
3f5a73692308b0e73a83c333d7a927e7

SHA1
85e71b462c1951dc18f2026fdeb9811ac4b57bd6

SHA256
7faf042f1546d1c489c6a72f5a63f638735ec44c2e28ab5d109d1aae265e6ec8

SHA512
ae3a00335f87956f0adeccc5cded6223a5a609703216428e0cfc0a03fd5dc67786fd9a57a7fac5a9f99f5b3571d6b0330b5e9a3d79946a7f1ee010c186a0bd59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
d2880c8237a99b270a87683705222de4

SHA1
14e02e07f4939698ef26a56e4ee377636b5e23b5

SHA256
8fa7d1a5d4706b3ac7fc8155a5cc2c92213e5d824416bd3f0e7c1851fded4e13

SHA512
67bbd513520d2f8b0736b1dcaabb7a002aec0b0b706a03739fdcf57c45fbde844bca550c1043da9094ac6a7f9e86649d72c76a7b29ef90d36262e47c402baa34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B

Filesize
488B

MD5
ce632c764bc075b16a1d325319c72414

SHA1
16af0689d5e946f91fceec8bc3a50568f1613516

SHA256
4251d7a16cce76a70d559ae92bb9f44bc6eb3c028f025a8004c172eb330fd855

SHA512
aa1794341d4468281206595d6d5f3cc63fa74a2312d10c5684b26ed054e2340deb9117786179cf01aa68a7df0abe42142d18274355ee3820536e0ff9250983db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\72BA427A91F50409B9EAC87F2B59B951_2033B9334DC92599122A3B9136FA3F05

Filesize
492B

MD5
54c2e2963c01df9b9c147482bf3223f4

SHA1
c7a4f7818775d06ef019a4dbbc84560deb1955c0

SHA256
9ab853ba8ae8e4de5bd8cd3422c04ae5fc434159d611ebe3f83bcc84ead3ed3a

SHA512
9af3cf28cc35a9bbdc5dd8cd2b815d93b0fb7b12eeb37db6133a7c047fcb503c0f40ebf07675f8dd7ca829106bf2b6bf196c33fb499d42cd78352a21a3f5bd5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
943032c20e9348dda7a412eddf794d60

SHA1
eb3dd0f7009416a0cf421dba996eb3911724a952

SHA256
2f69bf320dadf82a56c1fe672f9579860f1c12e176344f510fe44eb76c69d5de

SHA512
bad064c21c4116a022fe07842361dfdf1f2ecbda215bf21a9566bdbd999ddf2763d3d500e2b2acdfb710ef46e0fc6094c8415648bb837b56b17e397b40ccb59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
86KB

MD5
4923a7479f3522cbe9389d7a4862ac07

SHA1
1bc1eb916c29c8cb05f5e46deb5740b2c5e992ed

SHA256
6d83cc91996c474cc23c3a20d6cc27b91e34117d0e15277512711efb9a6080be

SHA512
3d0dda89630f837e20956edd8ec1a083c79f5934f10adfffb116dc499d3b78418929f5c557c395cd78ef58d8a23ed2ce3af302a549a9d2aabae333c3857c8cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
43KB

MD5
66d562e3299ee732a53db150038c026e

SHA1
f514a9e346cd443d196c1bc401f078a9fa147323

SHA256
252d971616775193836fe6c0c057edc13c511ed2bdbdb61fbe3c4567a3a8e530

SHA512
ee24be2709cb98ccbde710654eb1ba533e432819caa8c6bf1fedfeceec452fa3c5f3b2402efc06e75d59e55b6e7beaa71f88bd049fad8e17449c0fde217a6468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
41KB

MD5
38e00f7de6f417aa3a458560a15e2b8a

SHA1
b451a3a2ab0b04170804d6cf823c6465f33f6f44

SHA256
cafe3fe334035fb21ebef6484cfbe1efa85c46f02113c57f8047c875fb9928c5

SHA512
659f0a9a53e98b2e5dd3256c55b96e5cff82f6b323edd5f92f8eb9897e1376329454734c6c799963ae392833d948eac84fb9b483a5a099c9ab942990a18e7f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
99b7f2166cb33423fd38045fdfb7e7be

SHA1
2163dff66768f4edf470427762aac2b9a54d4684

SHA256
211b4d89060b2de3f0c425160486a87a2ed8c948ff72a071ae2512c2b53a4796

SHA512
24a6c81daa6791d2a2be1cf41a2a1f9164668a0b5add56d92a80c1e74369bc7d0f3ce6d029492240dd3c1ce109c1c70517875c686bc6542b51807bb0b266ca20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1fa906b38a843edf2908e1741b23f0ad

SHA1
f5ef32658f48da24ed9eb18d568676a8ad090d7f

SHA256
9d9dc8b0043f45361c63d6978121aadd128d14274445d3d7cd9f92e70f2abcb7

SHA512
a289b97e5aee01a55ff1981991e13324a256873006051af920dac7c454d7b53052e90e6e26e6b231855f6d142801c221bccbf02588cc734825ee3b80a4b99462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d582d7e7ae31f09f3e24b95397921c23

SHA1
d524a0884eac3f87266591627a92cf9f309ed1de

SHA256
6ad8eecc006ff555bb442dd45f39136f950bfa59dad4b19ac220ff8743915356

SHA512
1788c5b667cfcda2dd0d11f40090b9502f6ce0bc894214ab6886731957ea4a3b719c0247da1d9eaccaa3647a8747b52eee03213bde32fcaf217aa4cffbd67c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1db879bf94aeef97420e6d88ca584a39

SHA1
2beebd08babdcc3efc27a7906c94cbe0302029cd

SHA256
b8c6ec58a855b54ead0231cf0b991747c00023484e696af961a039c04681013e

SHA512
43cf82831b739aeca41dbb1f68cc2a41e08afef0191d80570e4bc211756f615cb5d8f7b4b35dcd818f2ab4ad570a4951ac8445fdd535a59412c4a15a8d531da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0d9b9fce868b4fdf0ea4deab5989397

SHA1
d6f3f90bf3fb901ba6fea06120d7dabeea8dc090

SHA256
cece0052bc478f5061dc56d9e579bc40e34c3e56233d4be7dd5af396cd2b6aa3

SHA512
1b529c466de7bae1ac403ccd49de1e1a9c2576685224455f8d3c1ed088b9072f5f6a37e79b1f0bf59f10ec2a155ad1a7a65eaac68e3c5731702693ad9c0562f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0d4a3ea5e7428c0b27bc29d4ebf090d

SHA1
d3e30d4d80bd7d825a64e6afa151e63fd8167f11

SHA256
bbfc5e9de5d6b2bba31c1e5708d185095ef19b1dc606770d4d97ec1767f88026

SHA512
35b13732f80feaa1ab0575ce46c64c4447ab05787d913ce57d6c3b2fd5f2704b7bf325f351c1f2145ace67030a613a163221d6c9bcbf1dd600c0310b1af24f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b14918e0fbf7152d46a78fa14393b4ae

SHA1
b45bc43ebdcaf537ed4f67b0a7e4adfd29416151

SHA256
4e469431838996b18374c133a75bfa05e5e4ad6127ebc5fe0fd7606ee519f6d0

SHA512
8b57b1940f62cb114af7dd72e7c65caa3eb1c6c84c5556048d44166d387bc7e5db15032fccebec13ebb3a7dd2ca12f89be5f3be90819a5305af71db351142608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
de37563be374de7941701f7fca4d9bb5

SHA1
545c220b63f5862b74e4ba099cee297785d483e7

SHA256
ecac7b82e277027a7dda05785ed7e7b1eaaa62742d8d255d8192c26bd8150c8a

SHA512
f59b62971c03320d20933af7466f28c7543456bae8464ed48fc76d6a8bfad5846856b55a2c9c50627fec7ee56d34eecf33a71de962b4a987a6404f4c3c6387dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
92de2ab13057b95cb9cb408c47c228ed

SHA1
5509f1fadeb3dc0f0b6edfc4f44a64241ad0eb47

SHA256
cb3c2672a6c4e0e2e32e2e960eebf47627c6f9b725fe88c0fbddc4fc0e53561d

SHA512
6999f84cb0bb8fc4b8cc0cf17561f838e8672aa55eaea1958573ddf42de04271c9df76dbc70ce27102c2e073ebc863d3b7f24b922ec56be5b75be1efcb47ff8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cf912a769d43ac2189436dff67db9b02

SHA1
df2ad9ba7cf60234b0688a02b1c1acfce3c9c660

SHA256
88cb2672849e1a15c9f1ad41ef90db6957adaa97614b88dfba34e7fdd459297a

SHA512
7877eafe76768915a942d627d5ca879cc8852841d1849bef6ecf522f8de0deac06035905ba90d7ccb5b9d7ba2464ad5a8aec0031104e950897eda31a8b7ad236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8506f3c4f0f8e2c5bd558aaf9031f2e0

SHA1
bcef5dbc2d02b912105d8e2fdfc2727cce11799e

SHA256
98ee7ede9b65bcb5d6fd10482789f818f35fba60f6b3fc69b5a7e6feb3885992

SHA512
f149fde79fe5578ac4b1a4084615459f28d195219fabc4c6339188322df021d824767ad4a548dcf93ad8d5c2620b3128d7c5aa38ec42c01b7c831d744659fda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
703ebce3879f597b8f907cf2a2975d91

SHA1
4756d07b5f859af4bec30ff3989a97fdce7c70d7

SHA256
4c6ec8c48facda4bc22373cdd0ed5f89ebb1c8f86db5d4a70667aae5050203fc

SHA512
b61d340941ccc721cc194261d0852fc6eb109ecec7868771c52b437ece1bc8999808bf85e84bfca4d39282cd873c2f2c885467a7838da28ff54958a384a0730e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2e1f9bd57f368fdd6d7e9c827e3c8b51

SHA1
cb7d818365ca74f4cb2297bdc8b9672cdc10ff4e

SHA256
9925f2b445a3a1f5dbfa052175d1bd971c4b661b7a4050bdb1b3f3da7b831e0c

SHA512
7bb5f4bcf15cbe817b8ad108e04d9ee56cf83f7641511ae12964d2f5d4d468c7cb1c361d9381b80321d655bce7ef68c7746ef1325be8d16d352cb1f9568e0918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf75.TMP

Filesize
1KB

MD5
99f88a5ad0d05f1324a61aef099cde56

SHA1
51ff67bc72a7f405d2d59dc2e6688665624169c2

SHA256
a868c6b96176c444718b1cd6eb58af3ad057e41f058eedd07ab66940153d0ef3

SHA512
4ea7439109db361fc43b12755687d331307ba1d7ad633483d26dd38af6b107e0dca625070721e367934a8b8bf2938d6758d32776836553760611c2715d215d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a33346933545b2f1921b1ec9c3c0a240

SHA1
db63657dbd0b4e34fb986e82321f7435946f0989

SHA256
65a85a3d0603a77a810749325f552b45c4eb2caf4c7e33c25957d436c6e3f8ab

SHA512
3b6d8aa211a6d41d0e626ebcb3dd8b23c4e3f4a970baa3700679b9717706eab0a896b2da1697f00a42e8e420f8f5d7c03692ad352db108c2fcb1f501bba3150c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b25f84bf9444e63204cc73f5aa44190

SHA1
ef6926eea4a87bd1e57ba8b2345b916963950139

SHA256
f865d6dd204869bebd6c5450a39a1f0a8ef2f12be3d2c598ec9a5d1006ae7f53

SHA512
698322d24c2794802cbb1f462f365e85e0bb3abc65254d9e582deca700ecf3df11bb47872d980a97288215a7796ce7f03b6b00de96e8678517ce3944582cd3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\68KT8AJV\BatchIncrement[1].json

Filesize
163B

MD5
bedbf7d7d69748886e9b48f45c75fbbe

SHA1
aa0789d89bfbd44ca1bffe83851af95b6afb012c

SHA256
b4a55cfd050f4a62b1c4831ca0ab6ffadde1fe1c3f583917eade12f8c6726f61

SHA512
7dde268af9a2c678be8ec818ea4f12619ecc010cba39b4998d833602b42de505d36371393f33709c2eca788bc8c93634a4fd6bec29452098dbb2317f4c8847f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B17I8UEZ\PCStudioBootstrapper[1].json

Filesize
4KB

MD5
905104967c916d08bba417698c70ed4a

SHA1
faa666804660178edc5d30e8fd997f0520dd1d27

SHA256
923fecd35d4492c86414430559151113259d8039d0eeb45e51de442e41f7a788

SHA512
5e44c83c84bd5fd8f8549624ff217605a170ec19989e77a36a824f93b3724067a0828b437d90263679826cdeaa0b8969360f79cfc5bb9f6473ca8584500a6995

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe

Filesize
231KB

MD5
b2e7e6ed512ab835eea3bd30aa03a153

SHA1
a463206997acf92c16864ca48c00157d73ae8d8c

SHA256
e8a1b8ec4bfff63d55f1e5b2ee7d534463f4da41acc219c75f4aeb4d073f7845

SHA512
33f6621fc7e662439b4c846658f3e5a586428b5a6cb5b08b804f5c7bfb2fec3a375cafab5be3ba3d4801070c96f0b7b4ae151f8c18e71616be03f24f48ce3f49

Download Submit
C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe

Filesize
4.9MB

MD5
a502990d5df008eb385b5862f37c3a6c

SHA1
e6c92247d2ec0a7e823910f096d72a661da19db8

SHA256
b9a56ff86f4f6d7ca4c91aba67b55e8487dcd0c31ea75fb8664a4f28aa0411b1

SHA512
ff99f05a31be147e15cbfc41d9d9f371749c61dac22c2e46d73a807376c2ef8254f87c83b0d385df8f6d6262a35d95a6ea9790dde10bbb4046ecd6ed1262cbc7

Download Submit
C:\Users\Admin\Downloads\RobloxStudioLauncherBeta.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 25241.crdownload

Filesize
2.5MB

MD5
f3e2a738b7ad9309636bcf76e142917b

SHA1
25d4be77d4a6d79b79694f3eaafa4aa86e889ae5

SHA256
c4eb642e8a9a70469c82fed2961e4d92fb2c1a6482105c95e755329d2c4d93cb

SHA512
13d15f5c746e1c57f80c3107e4b1c2fc21cb282cbf2b944e9fef5319f3bae30d2d2c26791e01a61fc19f5a20b2b2c9156bd2811dcf36a15154ffc17c88d17fb5

Download Submit