hxxp://roblox[.]com

Resubmissions

21/09/2024, 04:10

240921-ervd1avanf 3

21/09/2024, 04:07

240921-epz7gathrf 3

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{5FA46005-0B1E-4004-8C4B-2D2B60F9D6F3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
3028	msedge.exe
3028	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
816	msedge.exe
4092	msedge.exe
4092	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1132	3028	msedge.exe	82
PID 3028 wrote to memory of 1132	3028	msedge.exe	82
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1060	3028	msedge.exe	83
PID 3028 wrote to memory of 1948	3028	msedge.exe	84
PID 3028 wrote to memory of 1948	3028	msedge.exe	84
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85
PID 3028 wrote to memory of 396	3028	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7b6546f8,0x7ffa7b654708,0x7ffa7b654718
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,731015781565766740,18249057447987057517,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\63c17055-b225-4aaa-921a-0b92a1f9137b.tmp

Filesize
6KB

MD5
92cbfecea146f7ad03b7240388f74b61

SHA1
f843fa4ce45a8f1a0bf92311b8a34931f872ccf7

SHA256
371b8d5afa8b70d6f8f7aacb4b2aa7a9b8ef0ca140c10ef791f756eccbaf7094

SHA512
ef137dfc36d78c61c0ad2f804f4e50f768860c73092f1dc630144bd375d4a383c69f87f271f382d46839466050243a355e1e1377ee2087c8601bc8f2f19eeae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\976dc177-082d-4d68-8ba2-922aa6871198.tmp

Filesize
1KB

MD5
031a48c857e9cb60a6aa7c44d67cec11

SHA1
2aba83f34be9d32fba0855f8e9623b86c3ceaa65

SHA256
2de4c0a0c4e7de9738781fb189626838e6bd0f3d99709c865e34cbd52b70124d

SHA512
6786a09e36c16773dd4c4c16946c8a0743142315f74058a961856510200fb3d7fb3c0efbafe8400dff0c91a6802333e8a314de3811e174d62affc9857a0ced3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d151bf5300b7b76da666a81557f414a8

SHA1
53485b35285b889d28570d52e41ee7d61b8d28ab

SHA256
727c6e71ed2dc5d2c4f053b0c2016801563b9e85d6a944eff930a7339cca2a59

SHA512
3d63ab7983b4f6abd9ce352f176af9176f20eb0a6616548b8dfdd8be61a24d1c4dbac2341cfda808c6b4a104395b574fe832df58cabb3d064e975647ba4f64a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\000005.ldb

Filesize
1KB

MD5
cbd4452d0891ae0929d8e4078c21fe64

SHA1
14bc16c9fd64a9d86e67ead1fe1d671180fdb812

SHA256
c77d9a9c7bd1c8b5a5f8448736789c2b44370815e45a0255ce718df22f5f861b

SHA512
fca5def42a9aa8a3ee31e8fd4e48d06abb7c0c2e691d39ea7a7da14a9b271df97b473914bbbb17f81b3a17791de530c34e65f9ef74e7cbc85cb1f64a0acde3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
040f6182598da3dc44076e86b0249488

SHA1
0d6b852ff2287c4a7980782132c9f21a450571bd

SHA256
150a922be3b1130ff847deeabb7090a96d9dc7f7cc3d46c2d62c8ed5eee61b51

SHA512
d4d11f6f037c11a7a8e282c601d698e3a3bad48837b268412d0c15b18b61c4b9c789ab68230ac4f0d83ef1a8a210226eea4b93cc45f2d26e0e29a1655633d69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
1b2bf00f657539443c8ece823d980b0a

SHA1
2b60dba7d69c732afaeb29d3db21410e218c3822

SHA256
a23e5f348089a9015975a0677599400bbf27cc2121146630035ddf1a467886e9

SHA512
d984e638afa7196ac0ed6fd67758a5fd015fde7ec156b349b0a476c11b82bde027a6dbd5162e20cef9b44d0a32e2f489f57e6dfc6f2fc6ddb9d6c018e5754956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
faed3148179aa1dc70ccd00066a9b298

SHA1
30590edcc81a4bf8c4d60cb3bdfffbe2aa8e08ae

SHA256
dbe738be3688564cc31621014bd5ff76f0b4c4555312d17fdf0e2f4a681a84f2

SHA512
319abc071cac83980f2b3a4b17a3ca717bbf566fa7d52e644b2c77c408f2f9f9eabd174ec52e67deb0a2c88c3511d44f07b87a234850312c01610e308930bc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5963e0.TMP

Filesize
671B

MD5
e0be03bda9ae6a559a42802e698cf71c

SHA1
3c5a819ed74b4a88d0e006ca600e75cf42776cd9

SHA256
acc31eacc34564e1f947bf7b72fa2be9eb2dd760466168632ff2a3e225c58c8b

SHA512
7418fa01e82ba659f75dba1fa159c62807131c9e9b9f1f81bafc0807e5627c62d66b3ee285094eef6a87ed0e8802d7f9e815f3874470441e9aaff03f2a94872f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
e2896794670f13dd2d4d13b86817b168

SHA1
58089c9c0955e754f116b29243b4c834e61e1570

SHA256
7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a

SHA512
2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
700B

MD5
090e9661c1b3c12bf58311033f766f25

SHA1
cdca3fb9daaf75064340ce8c0ea081452c4debc6

SHA256
79fd0cff65eb0631ac3421b66bc46d5f180c678c8fa382834f0e0d64399ce001

SHA512
fd8e477288fce507799dc227239c878db2532fe444ffad34263471e0a875619f8d2a893621d7c0b6778a4dc7f848a80f16adce069e1597463cbc575645226787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00cf1816f448885a997ee225ed2130a8

SHA1
668ce8cc5e5f9ade935cd3213dc74982a6d907ac

SHA256
20216d50f4e3ae7902c0a21a741fe6d7fbf7ac39d0133c86fe15bf27abb3ed5c

SHA512
4e1da07487c4fb284536bd1d6aa1ae9be5e9d129edc33c54640ffdbbfb3eb4326e69e02537be6aae8d59e68d4f7c3ca3c9e1345422be0081637a58dbc6d039a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f983977f9a78505b09392fbd91c099c

SHA1
d0f08aa37df7a79a592e6653746a3533cf9dec38

SHA256
f8ef12f5ad473f3556e460acb2d9766cc8e75c23658d4cf2bdeb7528e8237470

SHA512
922f72eca1204849f46666688d2f63f7ecc08df3e171e79722828d7497136372d6d693670749e81f80de681346238d353aad0f394c100f2bf29b00fb4923e0ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
344702dcd65c788d871809b8f0b5a644

SHA1
36bd3c188772f8cb976ac744f77e9dab53547371

SHA256
6fdc2dbf5154690a0331470ef008e76a3caa767b64e8ccae713ca01a6f13f5be

SHA512
eedb8027005ed123d02f4c3af77ea169704e8b31911ca8648aacb792b7c61bd89547a5d9f6d8c931abb4dccf0782897f09e92e780e167704d51b47c6331af857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bf501b2edcfdb330bbc71468c9ab193

SHA1
38867b808a900db58f9f63439210edeb5ceccaba

SHA256
03ba2cae7cbdf912c279dbd6b8d4f5b966293fed6d7217a5923bdc849f49e594

SHA512
188b3145f7e5d846addb2d7a670e80bacf494f00a87c2cd0a7121d51fc41ca11229baebe4941fe60018fd2f62d3f64127ec50318fb3db4d4f53dc949b778dfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5b4e5fe4cd2ebbb7625e3dca4eeff6a

SHA1
e8bcfd9d9c0a00f8275761230920f73e292b6be1

SHA256
fe77f18b5be92ca6d091fdc975e6fe019ed742ad976110c385b7e30b3741935b

SHA512
3c7300af78698aed44f21a97793647e5d162166c992709b4f54ba25bc4b049e246260088b0979f6e251233ee14c4ed014ceae5cba4a1cded4c47803bcda01400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41fb480dca6573c2dcf6b744967c2aca

SHA1
6f59751fbb134a27d7938e901b2edb8a102f68da

SHA256
5f894334babe4408884bc4705bbb131fd563c2c636358f989f7b98a7c0880910

SHA512
13e0f844df33224e47301d4feb1ff3c8f2cb807b8e4f8d6f2e245ab27b52b3dfd37df8155f980c007f805fa667570fac3920a6cc12afe51d36ef034a57bc0208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d26557e6aba7a45537d94bb922657015

SHA1
d302f952f1a8cfbefdb9c592dee02e880da8a0e5

SHA256
09a87298df991b38784e207b3b339f7e550454eb05aa1f0882a3a0c5cd555451

SHA512
a6ccbc261e4b61bc92cf92f9ccf1dd8b0f661e2436299e8e9f39522f5445605bcdd06873f502371a28dd4edb8004fe16bb5dca45cef6eda83b14b341177de7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c469da0ff1be30ba0f113d554fbe83e6

SHA1
a1f0bd2d64b26b2ad3f35e7ffa1977ac6376ab2e

SHA256
9a0b2eb3bb9bed17df68e4cad9d1d26214110541cff3f2f41edbd17ee9d7dbfb

SHA512
29b4ab315d9f23a9dafc84c319a04bb919ddc2f58d913bb848a74112e31c8ebd7816ec8dce006c9d2833cf814370b50690fc488ce06dec8b2705008589b5778a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
965e29c1bf3c4b1d4f4091438fb73c69

SHA1
a7ca40e2bf594821f9912bd8398d7f5a7e85ff50

SHA256
743621588a034e17b99c3abaa7cc0d68b62980c1164023ee1a247c6c657f7fca

SHA512
da444f24308ddb412120aba195a6e5bdd6ec9a183ce3724ff13c7a61d3b49a3e0db8092e4507f0196c4737da19142f3cea2504bb859dd32d0657308e4fb1cf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd722aa8e63910816ab571763a6b1fe2

SHA1
167100d9c20ce7b9a19bd4a14f67405af59251d5

SHA256
43bf439a9f36a2f58bdc6dd8693e9f05d0f266c8f11cd7750bb32fcc279ca032

SHA512
669c22d34336aca5c9547c9ca34c8326eff885f85a0d4a41e7e923222d2ee3582a4a7785b4480cd8083665b01594dad2e2ea74151470d1c027adb8ec50ae9266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c14c.TMP

Filesize
1KB

MD5
6d697c8340ebbd88d3cd03c276c7ef82

SHA1
137a1c29f82e121214d6298681651225bab18bb1

SHA256
03ae5f5d122f3d8260ac899864274f713a4c5576ed0d28f2b878fd62c669bf38

SHA512
b94a1beee3267bfa6f45b588a38d1913eb267f639240ee1e6bb9339071d3f4f98b163138735eea4dc26ade0e10be3b2dd2f67e70cafca57bfd8ab034519bdc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a49a7e1a-5978-4f39-a457-d129aaa2c829.tmp

Filesize
1KB

MD5
e38a9c418124f8db0b039c4f32471793

SHA1
7c040e6df602c4ad8a9bebf221f37ce3943c2f28

SHA256
b23efec5bac37458dc5f5d62630b8f246515333ada826e1e1b91b7f5e4ac0216

SHA512
429ff28cab9298c601abcc5fb5898bbb41817e6f25ce61884cb2b82ba82b712b8983d8a71a443360870ab7ea4aac93a62a0bb004f4c8706b2bcf96a5772f4a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1272037d51541c130ef9ca3370c377bf

SHA1
f695738ac537c89a2c22dc68ce5bc9e8384109d6

SHA256
5146fd8e63f7e23c6ebdab9e3fdecd04fa2d3afd832d60fd275eded9323310e4

SHA512
3b04772ba9e96a9bdbddef52284f9606fd3100cc5d62030b5ffde19ce16d1d792de7df9b30cc2fe5d700a3cd38f94890d3f21c9e29752333a766e41063550466

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit