Analysis Overview
Threat Level: Known bad
The file http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about was found to be: Known bad.
Malicious Activity Summary
Browser Information Discovery
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-15 02:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-15 02:17
Reported
2024-12-15 02:20
Platform
win10v2004-20241007-en
Max time kernel
131s
Max time network
147s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://rvoblox.com/communities/204822803605/AngelHeartFam#!/about
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe109046f8,0x7ffe10904708,0x7ffe10904718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11030830659993313485,7005579529855131457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rvoblox.com | udp |
| DE | 5.252.33.158:80 | rvoblox.com | tcp |
| DE | 5.252.33.158:80 | rvoblox.com | tcp |
| DE | 5.252.33.158:443 | rvoblox.com | tcp |
| US | 8.8.8.8:53 | 158.33.252.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | inju.cc | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| DE | 108.138.7.25:443 | static.rbxcdn.com | tcp |
| DE | 65.9.66.35:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| DE | 18.66.147.43:80 | crt.rootg2.amazontrust.com | tcp |
| DE | 18.66.147.43:80 | crt.rootg2.amazontrust.com | tcp |
| DE | 18.66.147.43:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 62.112.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.66.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.7.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.147.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.66.9.65.in-addr.arpa | udp |
| DE | 18.66.112.62:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| GB | 128.116.119.3:443 | roblox.com | tcp |
| DE | 18.66.112.8:443 | images.rbxcdn.com | tcp |
| DE | 18.66.112.8:443 | images.rbxcdn.com | tcp |
| DE | 5.252.33.158:443 | inju.cc | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| GB | 128.116.119.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| GB | 128.116.119.4:443 | ncs.roblox.com | tcp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.112.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 8.8.8.8:53 | tr.rbxcdn.com | udp |
| US | 8.8.8.8:53 | accountsettings.roblox.com | udp |
| GB | 2.19.117.106:443 | tr.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 106.117.19.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.rvoblox.com | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.rvoblox.com | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.rvoblox.com | udp |
| US | 8.8.8.8:53 | assetgame.rvoblox.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| DE | 18.245.60.9:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 9.60.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.49.80.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assetgame.roblox.com | udp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4272_XAKJSFSGRUELRYHU
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da91.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old~RFe5800b7.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\LOG.old
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rvoblox.com_0.indexeddb.leveldb\000005.ldb
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State