Analysis Overview
Threat Level: Known bad
The file https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-13 17:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-13 17:16
Reported
2024-12-13 17:18
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{23618FD0-42EC-46A3-B94F-6237A6799348} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.robiiox.com/login?returnUrl=https%3A%2F%2Fwww.roblox.com%2Fusers%2F264258251383%2Fprofile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa470446f8,0x7ffa47044708,0x7ffa47044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2536 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7959573411623263680,12388086503552835165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.robiiox.com | udp |
| DE | 5.252.33.158:443 | www.robiiox.com | tcp |
| US | 8.8.8.8:53 | 21.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| GB | 2.18.190.78:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 78.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.83.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| NL | 18.239.83.69:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| NL | 18.239.94.43:443 | images.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.94.239.18.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.robiiox.com | udp |
| US | 8.8.8.8:53 | assetgame.robiiox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| NL | 13.227.219.127:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| US | 8.8.8.8:53 | 127.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | arkoselabs.roblox.com | udp |
| NL | 18.239.50.110:443 | arkoselabs.roblox.com | tcp |
| US | 8.8.8.8:53 | 110.50.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c2d9eeb3fdd75834f0ac3f9767de8d6f |
| SHA1 | 4d16a7e82190f8490a00008bd53d85fb92e379b0 |
| SHA256 | 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66 |
| SHA512 | d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e55832d7cd7e868a2c087c4c73678018 |
| SHA1 | ed7a2f6d6437e907218ffba9128802eaf414a0eb |
| SHA256 | a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574 |
| SHA512 | 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f |
\??\pipe\LOCAL\crashpad_3616_FKXMFCRICVNOSABB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 64f810d8e0fd5255f99cf94df8f012fd |
| SHA1 | 6ebfde8512273162b7e6ec2e5db5a9d2b3697498 |
| SHA256 | 4796182d498ce4b926129b9f4feaae2c78bd27668b5eba3cdf2d4eb8bab70485 |
| SHA512 | 43d5cf8d6ef2814da3bb6b5c1538694cb772c60f19b3d8639c45e253568ed43f403e5cb101a3a8b0b71361adaca8e0570b08845d902878c62852661753fc94a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ad51b293e6455dc648d8a36c6f628637 |
| SHA1 | 72cb0ed4dc9e291c1ac598418019555645a6208e |
| SHA256 | aa4ebd5f7d639a0c5975fac86490bf7a3427b0c2dd80a5ae4aed81fe555ea262 |
| SHA512 | 196b51a687221b93980f657ecebeb2cb7d153ced4c8f3fd31252207f537ae46a369f69449b66961147eaa9e2102501313544d49ac01b762a7a2231f738a6cff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 73b2d491e5b5bf40175cef59372d67f5 |
| SHA1 | 3da86d8a30ec51c257b6f05a478f379f35943447 |
| SHA256 | 16d1eff677b98ec4747228e8f721a62ea371ab4c2e709f4f719cf5099eee6a7a |
| SHA512 | 6d005d6f411c53aeeb517814cc96a47e4b436bfbce8cbe72ed42b16bd22534804e17851041dce3aff86c178bd2f8753b9e30a7651c65f24b2ac79b05830fc4f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 787e4629f36a0637670fddadee4dbe6f |
| SHA1 | c7e2db011e48cf109cc64e89a7a8dffc10434e0c |
| SHA256 | 5642107bd77e3400f6a156c682eb1a54c2cdb77db9ad7390f01767268de5abe4 |
| SHA512 | c10fd5085dec8d3479f539d71c0b89a551cc7dd741a844b494c9cfa2d2b79f6e63de30d5590685b6c4a21acad6cad64bb9fee42d868389ef6d162c16fec40925 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d0ec.TMP
| MD5 | d7959f6cdf8e5bf7e973860c930d0dfa |
| SHA1 | dfea0f62499b80fee817fe82c8e3453dcc290f09 |
| SHA256 | 39a7ab184b2e78fe717568441c4c6c4f8f4fbc322cd57261ae4736284515b7dd |
| SHA512 | 322a49d1665bcf0452f26fb47728b300f56825ae935681930e9c662c9c66c429b389ded3ee5a0940572656afd62f385a1d085cf91dae4a75fa8f723cfbc567e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 38349ead06f86f83a70dd52ec1b0a59c |
| SHA1 | 885f333276a7271a7fe43f5ce31a7e7a3c56b40e |
| SHA256 | 7933a9de6935046dd775cda8ff6b0c528f66f2e707ce4285305d5f8936081501 |
| SHA512 | 6218ac930e83567a8e02264c4241ad58ca11b5c366f7c4f1602deacf968e573e0b487f645e63d7b0edf1352cf2644ce10e542f7f1ff0b02d4868a74f92ccbb3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8a754db96f1e31e69de750c71aa1ef5a |
| SHA1 | 854c3b28eae76530ff48d369b7327186cfea16b1 |
| SHA256 | 8c796bc38e2835cff7d1bcf6f88e18846a17730289fa233a16348c5806b2fe3f |
| SHA512 | 996d8c79ece751e20d544eaa38bc0954706abc7ec41c16a8e36d32c20a255d9e53c204f023c041a1a1daf51993ad180930d2e673fc536b448c57f1c4959de03e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ee37172ee9d238a4495b8e99ded3fbfa |
| SHA1 | d543ef3d1193541b08a5883acc60770c5e84a9ca |
| SHA256 | 1b5811e43cbed198077020ddc99af81be8a50d6825ee4f2a53aab14852809c7a |
| SHA512 | a74487239ad4f093d311abab2b05be20590c382c2cec12eff5986ab258d4388d1fe4be316cc5e2c068d12a9ccb39240863b6c3cb546238b9d2743fc3320c4a5a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
| MD5 | 700db95cfa2fcac3be6b694fecd627cf |
| SHA1 | a2a1223671a8bb5c88f330a481587235930a4ced |
| SHA256 | 2914ec7a29ee658022d985263799842db3916cec965a0ef2829be1957d33e482 |
| SHA512 | b6b096bc026b0a8ed3c796c4ed3a6fb73995065ad6a7013bba8b61426ff1fd69c275cb96de6fad0ed26175ebefd5f7d220538403c4c6b13e5d06c0e65d1991c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8c8349d325b2a6442c4a2d58b89ded4 |
| SHA1 | 7fb73ad635f5f7eddc50f5b0439ce5329c7214d7 |
| SHA256 | 8d23cea182d4aa6a70ac61ecd7f460423da62383e61de183e733a6fb868417bd |
| SHA512 | e724979e3098cfca1674e041987c257f6984ac8ccac3f494f0bbc71fac774240e2c3f960d08e9c2778188520b4f1e001404dbf8f41269ebe76d926250eab3923 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7aaae7f77392bfe5eccdd856c81b8726 |
| SHA1 | bc697d67c8d9d48badb95333d51a4abcee228d40 |
| SHA256 | d126a8a34967773f6d17222cc1863e43d43bb768e282227166cc903542cfb4db |
| SHA512 | 215243abf7ffff225cec15d8536c272678304e70748f1aafea64b28743f20da7fe95a898b84200c5ef005720701d2d4c07e5d205ebccbcea353d745d5ffd492a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 56af7b3c43020c8ed8a238710d3a4e75 |
| SHA1 | fa6a3e153f1c67fdcfcb989fe47a7a839dd245ee |
| SHA256 | 29b5ba70c2de821514771c556df646a36bd28ef364f07acb97c9d496e09d8a82 |
| SHA512 | 0f62153ab43df662db0d603b16c7bf8cb9509d96aadb6ea9222113436c86853a61a4393c1d4ec0f3ac5cb77025b9376c5b8b01fbd9bb7652ce0ded779c33900a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9f98581b9ed26609f2f60e6092aac7c1 |
| SHA1 | 3d62ea4f7e5aebe4f41ae14ad5f3cc9d2535010d |
| SHA256 | aea1020e1ed5976395c4b0d70c2800ba9b0856dd708d152c33417964ec736a3e |
| SHA512 | 2b910ae9e46c7e7b39a02720f66b15d01fc70c2b2fa3f1be5e34f84c9aea569a211e0c855276aac691b0514f02acaf3b6f83fc09e9658fc859576625905e2a8b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c436557b16d1db2d702a382893d8d64f |
| SHA1 | 3cac6c82bbd1f3fadadab6f433379ea46d1a783c |
| SHA256 | e1a7a130c254cda5ea52e0924849784d122fdd3464e2bb35384bc60cb23d51a2 |
| SHA512 | 50e4f930059025292483ae9262285e88df3a14cebb32a16b0f21cce55cb12f3f74d212796f566e53738338594fb6d1c1e6fc46d244b362ed286a60dcd7c53c6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d10a81c0963325c1518865137c5dced5 |
| SHA1 | b74393112964d2d565993564f34427a55ad49eb5 |
| SHA256 | b25ad630d19bcc6d98bdd128ab39b19e0a6bd2f07ac4a72ad54514698f3f1f75 |
| SHA512 | d31e691db5eb643aa48c3a1f308c8045c785b0b63533aef60bd3e8f43246cae79737c74bcc27d7b820b3d4e2d85066a5a885313144b423dc6ba66ea4bcbc8b48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d131d268d52f492b9ab013b03a5e9fb |
| SHA1 | d32bdc6294bc5fa813d194789c68f1b54ee321ad |
| SHA256 | 0abc82c0657e0dcaf788d5d0644065f49751b8624c9030d93b9ffe16023e8b40 |
| SHA512 | 3c7027c2f505bf96e4e414cbf54fad935ef3c781fbbe9f3544a7c0f82bcd79a34fc2902ae41b476ba9202e01eb73d1a1a20655e4be4906f8f90fa091b554b66b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ff664881bc235be9da65aca565ea373 |
| SHA1 | 5858cfe8f86db8c9e64cdb5a22a4950101c78b29 |
| SHA256 | 270a0382598d0e03205442164347702dc138ebce2d946e8294dfb29dbe5019b3 |
| SHA512 | 8886bf056ccd397d5a8555f98e44cd01a9b4426421f7df104e573d321ecbe9307a05a6917c79e8ebb835d4a952d4ac31e766574124f327b20a70e27b27602fe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f1348f37513b15a5555b8523d161377f |
| SHA1 | 880a15b84fa6bae801e9dfd4f51a0b1dd5b83fbc |
| SHA256 | 1dbf6e4aa9fb1d85c7a623ea1beafc75434c10c2ca3550306da1c722ff8ca2dc |
| SHA512 | 74fe9d7c18b91e4949d114196cdd754a8f557121097877e4222b7880b9879c570cff054219751eef0ba3b79cd7fbb360cfdb5c8bab64206bf69edc740bb8caa5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a8aa773ec2524ba10ebed453855fa8dd |
| SHA1 | a657f16c9a1a3eb00fbce199f673c6033a22468b |
| SHA256 | cbc6830d7b8e732088bacf4d226a70ef5a27f0bea964e385e1b82b390b572e01 |
| SHA512 | 51c4fd20cee791e1608c2de5ffdd37688e2cb4756c783fcb8f2c4065504c3c02fdcc4324101f48ec6d471d9f9e2d441a427f8fb65ae8ae433194dd5e463d6eee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 48574353078ee6251adbf899a9bd09f7 |
| SHA1 | 5fefb4231fe54943223eb172dc73d06196325905 |
| SHA256 | c087f820fca3a25a1a60ef9f02f692c98b0d683c4e3f755bf83d4b97787c575d |
| SHA512 | 39d0d6df41f31f828a68d46efc89a1ea937070bbe31374ec7eebe9ec76253271a4ce08f31f0e74118af603b1a3eaab9e0ee8d7eddc6444f0011e2c509fd21d30 |