hxxp://roblox[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 11:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{E0AA1A4C-34EB-4B6D-8D01-0DB7026A9710}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2844	msedge.exe
2844	msedge.exe
3356	msedge.exe
3356	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
2804	msedge.exe
4936	msedge.exe
4936	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 1104	3356	msedge.exe	87
PID 3356 wrote to memory of 1104	3356	msedge.exe	87
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 3960	3356	msedge.exe	88
PID 3356 wrote to memory of 2844	3356	msedge.exe	89
PID 3356 wrote to memory of 2844	3356	msedge.exe	89
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90
PID 3356 wrote to memory of 4860	3356	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bdd246f8,0x7ff8bdd24708,0x7ff8bdd24718
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2064,1838697051359351053,3400980654376247612,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\06675c46-c469-4e8f-972f-373b1bac9675.tmp

Filesize
1KB

MD5
2acbc6ad61d416d8ca5eca6f382eb646

SHA1
f3622911a528a9e8d0ac539daa26f99bc98a045a

SHA256
199585bdd235d204b0d718c2a6517f3fdc3dcd704f8a71f4ae1c6bcf8e4a65c7

SHA512
a402523c199dee100becb928e275a11d67e6c93231e707412dc3876774025dcce6ae76874bae60d4771c372db76feb4623867a9dec31028cb2cb4aa2f9a5ea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
86KB

MD5
4923a7479f3522cbe9389d7a4862ac07

SHA1
1bc1eb916c29c8cb05f5e46deb5740b2c5e992ed

SHA256
6d83cc91996c474cc23c3a20d6cc27b91e34117d0e15277512711efb9a6080be

SHA512
3d0dda89630f837e20956edd8ec1a083c79f5934f10adfffb116dc499d3b78418929f5c557c395cd78ef58d8a23ed2ce3af302a549a9d2aabae333c3857c8cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
48KB

MD5
21af9bc981d404957c6344aaff4b3e28

SHA1
e5569bc0876884ded0d9594432cc261effc66d47

SHA256
e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051

SHA512
fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
87KB

MD5
a597d86a86565d31bc391341b2f04ebc

SHA1
e720ea8da1ab8c69dbfdf5efbc5edf536fae5558

SHA256
4db112643d8d78d30729937c91912a11fa4f0bfddc260e857d5004b573dcff6e

SHA512
d307e1c92449f83aa2a152aadca7aa3e63a994f10b694054fb97d39ca659d8674fb29f7ea37c1fe6d8bcc7f658cf4915e519875316f4ec75a266eba7beb46928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
31KB

MD5
17d77d4f4b89495b263b9c3d6d91e1f7

SHA1
b1ef1fbc9eee833a6b04aa57c535064469172115

SHA256
2fb39785237113ec4eed896bcfa92540fa407dd33a6ee20710d1204f9b7d67c5

SHA512
80ae8fd30ce1599970ada0001d4b0fc39966ac2a46925b64bfd9829ed90e1a6f58967817f15645cac51256921d741be5ff3f001372293ea0c2d99cc6fd7942a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0745b2387bcbed9c126bf10ee42cdd27

SHA1
fddffd53524076691ee22550c9cb0be1c41e74e6

SHA256
a0c46b36c1cd216163fd3d04227ef39d2232f9b520b216e2b833deeaf619a448

SHA512
f6bfdab6e4dddc999b36329d0192f66507406918918b18e1ffe353c4c8ae4bdb00a12635f6d07a4e150d43d8c39cd033eee8370a70e0e68eba8014efddb6fcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cf0fd1c1af6914429039398a8a9bb997

SHA1
93b76188604220e880615c70a8ccc4b796a8014b

SHA256
07891f243d54a5472ac4d3678c8176976cf170dc78d65f64ae29c0dc48798ec1

SHA512
6ced06a2604795f0b8ef55c63e5aa2567552311b6437add5684f793daeee3465f87860a6231cb87f183e5b4161a912d4a05e5b8462b67ace9f8e27da62db8908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
a2aeec29da25bb566894afa606fd02f5

SHA1
66afbe5daf706f8eeb862426554fe1ad88b06d6b

SHA256
7464bfef2eb2f84d2da3d3183ad93a82bf5a1c20413fc852a377781130b391bd

SHA512
302976bf7c9aa15d19ca4c00409c2c40bc1cd099ce1f2838c3936e0bf92568e528e8a0707207acc0ff64031432e8cab4db8d8b3b6bfa292d68a20cd5d63245f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe597882.TMP

Filesize
349B

MD5
fa300f0a74042fc74456335babdb6bef

SHA1
b4a451adc33eee7f54ebaad7dc64d886f28a7c27

SHA256
ac296a77fc9ad301bba03a619d488799291e5e8a42068f407bea6e34ac17504b

SHA512
4e20053f3aedd16414ac1e0205d70ffa843e2b17913cf875111b8d7c3b64e1d0bf06e68da508619354421f116595fd4b0b1903806bc8e1a9ef5cb23d3ccd46ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
774B

MD5
4730b7684d35a6b6c8531b8aca4dea6e

SHA1
856d70687411a14a1f3917b5fe4a1074afb6e632

SHA256
ab2c3ae66f0b0b19c260b0424cabcd2fc6d750f8e94e82299e6515c05240be79

SHA512
28e426a47db703bfb8b9f6e5767f4d815ed09ac8475aeaa4ca9921c166fbb23011d0e174c7ddb5f1e2e4637474209b46c7b95724c32773a4d2850d699417ba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
602c5adc36d76d83cc9257147d32c074

SHA1
4f6ab117276514ddca366e5804c3a95686771974

SHA256
bc1f6ff593e6491c979f491ccbdf1bbba27f7e5aceecbde22882dc03e04e9ac5

SHA512
15ed40f96006631011b40797c2160530cb2d8e90d5641a52c19afec52577075b88b254564910c85425fe057120984bfa5ba51d8b10a71f48ebe7852ecac64436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2b620d36b109cb3196677583d86fcfe

SHA1
633df9ad8005d6d2d2382f83a354746aa78ec413

SHA256
de0bfe54cf6b489dbd1e28e4e5e89a501bdc2d0ae1a35bc972dc371f85682e22

SHA512
e5aebe8935945f5503098efa703b77524bd4e012cdd89419e0a7d982bbdb9e5934a3a5e44deb482fc8fdf43843ab9c927f78285f5436aa07678a1ec48c0261e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf7d9c6183149492909601bfc8413fa2

SHA1
cb481844e920cd7d8b435c5e6c01043bc7fd6aa8

SHA256
83ae28bcc26a73ebaeea50b016e557c08e79732cb58152d3e3c4b390511a309e

SHA512
d7c9bea13487e0f0ac7b400adedca3117c9ca68880f9a6742d976547156cc2b6d9c12287670fd77b65eeaf05aed783ade93b86f2c79623d6af702a4759bee51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f7aefcf8545add5e96daa4102111ac3

SHA1
0d12b74c0545291c44f38b59f18f7142cc74f2fc

SHA256
b56c56e8e52de5dcf13373cece2089300a8981949da2cf54d4afce4db9681583

SHA512
53ba2b64ed55ad9ae50216c9630ae2236ab54bccf3d4492a758d63b3ea9091bb52a756aa3fa6d302c68dff73c4b3b7c2909c22075c1640a19468a3f97fff1225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9b3a764bd61f9d19df7e5c1fa97a7c3

SHA1
d5d2a6d1165a65c91adce3e01aa9e35caf732b37

SHA256
12e31d238436be234a1d4a7c366d0d9ef04cbac69673c1efa15744615af3282f

SHA512
4f22314be217a6fa5520af83c8e4157a2b8149a4a24d06be800a56f3d1537916003b50813f30b9138c6d168ad911a26a8f7edf2b13e923d04117c76e735ad957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
85988a06867e3b543519495a5b037f7f

SHA1
4fbcb920574dbd1c6b6ad15f1ec50a1512423337

SHA256
1750cc9c101c99faec7556021606ae5b4ead4628ad254f94e74b20e5145e6d95

SHA512
72bc89f04d3ba560f207704b0463aa586a9046747e149f179a4f06e60f9e410de0044520a341f5ad1dc0e463a5d368c40a3bfc17d0869be72740f4bed9275941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46690f376f9a35a200143b9da7076f0a

SHA1
e2d2ec7adabee0c3066f8ce0db02acd9febef9df

SHA256
acfdf6b74c9b187d5d740177f1ee7a90f32cad6435e8bac0db92a2d7ec713db9

SHA512
d3ee67e27f6368dea1109252c31ffc8a447e8695312280f29adbfe02baff3b93aca42aa2fba0530c4e57a6b4eff2332b78d10d61b7a76fd74756851b708bab8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
387809a379ddb783cb297282881ccdad

SHA1
f55c4ef1bf727d17f5905a2e844332e268a2fe4d

SHA256
78d1208d4ec8150acf964593a4136e9b018a796a4494e8d982e81a0931cfdbd7

SHA512
056f97cfafbb762d980bf14164bb3e087408b19811ad0a113e1e91636c73eaa8f64668406cc4b8937f5675dd22e23933a06ae2fd70688499cb5efafb37789272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bce7.TMP

Filesize
1KB

MD5
70b2d2406ea6ce6c3e447abc020a8f17

SHA1
1948fe6bc59d86dc731813cf066b6844ff6bdc57

SHA256
eddb7b0af76c1435029a4274c284c1f57f37c31ae571eaca89b098a133933f3c

SHA512
962283330e46e93f874d9c51510d90c391a8891f9271124b133897a99ba6959cef1534a7b5e8f4ea314a65facc1a9e4d88156ef4831de8fd9c2bb7b40ce7a0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af021142-1621-4d79-a34c-046f797a2b1a.tmp

Filesize
1KB

MD5
16b4235192c0e4430d82bb638e862878

SHA1
ebe1c42d422ed97ad1d3d6b6c83747475af977f4

SHA256
73fa9ba214f27d53870e4e56dc55fdd5b58afcb02f6bfa462d83cc9ddb546967

SHA512
910766ce005457d3946339b2443b15e29a8f7a99555d350fb7378bc171d2b3e8eca83523ec6c5d17044e02c73ad4934e0300f7ca4b32c255f6f0c03e7925b843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a97501a2ee3a7b4580651f4987f8968a

SHA1
639db25998eca0cf5fc639990ec940287369b695

SHA256
3ec9e7eb1c460d2337284adf415fa0b770d8c62c55283fec540c44fec5623624

SHA512
e068f199965efe1889972f77797506e199b6006ce953fab968f8f5f985205cb11f61709adf73cb8f4530ab68f2622f400f80689eaad554167296415311959142

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit