hxxps://www[.]roblox[.]et/users/8391317121/profile

Analysis

max time kernel
52s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.et/users/8391317121/profile

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
2464	msedge.exe
2464	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 4456	2464	msedge.exe	86
PID 2464 wrote to memory of 4456	2464	msedge.exe	86
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 1392	2464	msedge.exe	87
PID 2464 wrote to memory of 4704	2464	msedge.exe	88
PID 2464 wrote to memory of 4704	2464	msedge.exe	88
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89
PID 2464 wrote to memory of 828	2464	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.roblox.et/users/8391317121/profile
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec4ab46f8,0x7ffec4ab4708,0x7ffec4ab4718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,12497326998370314415,6758779205765617378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
59KB

MD5
7fd069146ea79b16633bc8b45f90482a

SHA1
98dfafac54f6f5db51e3baea698208833ed1b642

SHA256
a746ba588555b584fe98e42ac1a2dfbb92c2831b54c263f51fe91d124b9214d7

SHA512
c31822f497ebb35a5da455e77965f16a83e2007215ae88e64bc21019d8d45fff4671ab4300d9cf518bd2b652d071cc582fdfb99b4807c75e2022755e6c60a06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
42KB

MD5
cc7ad65e0558327d8fbe8ade40ab94e8

SHA1
6c153e9bf971f196db25cb2cb3b62f77f0a1299a

SHA256
956e1fd407995ff1ecca3bf42ca0d01086edc7eb6a965e1d9d4a48f197a8bd30

SHA512
0af63a7bb1151ef7564472b90ddd766857e3fd78973195817aa751d97093558688733876114ea7341063c7f1bc01f90aba1016980ce2c009a0cc399f40614377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
39KB

MD5
e1f6e032096b2924e561c3928b9dc73d

SHA1
f33a3bb1b04f04ed1b93b13d21b6b3ce529690ad

SHA256
fa802b853572d8a40ee939940d0cd9562ea8f5954c0522b0777e01fcb546c3c8

SHA512
b13f6e1f984d28c5f4cfc4ae2298b321c314892cab1e5ccd6f1f61ec98d8c1a39669078c88ba541c91648963abc6e16e0a1cdb4e9449b4be16927e9bad8d0f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
42KB

MD5
b715a5dd019d1b8771a3031ff85c972b

SHA1
5768744eb85d3137d094458e4b7842c1c5c526cd

SHA256
e9ca7a8587bb3674824a28a8a80836e3483dc3bbe97c658bf7c984c5b424920a

SHA512
22e09e48a13ced3a3cd95a5f40b5e9ccbbad8abbd0d6af7dd4e411d63c662b09f1ad2453909a6c7a0d0ce34f250f2fbf0d7f076dced281f133ab7f21d2008d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
52KB

MD5
3474a52ca663a53e51c4ea29b770accf

SHA1
1f8d23ccf9ae0941d36f86196c163c2b4ea3b9c8

SHA256
e254b813292531c845539d0b726a38e39c7688a0e22850f6dc61c84d32f584d6

SHA512
139032d42d583ab73f39d3a0ecea2718914623734b87d214028fbb3d0d0f3d73cd43a3d24b289c2ada11f24b1f4606b82f4763532c74a4caaf8dbc6cd8df6e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
40KB

MD5
f1cad4800853bba09a023250de102801

SHA1
76e1a6ae10ac4db2a3e4e8bf6b7edd692c4537f6

SHA256
e73ceb9052ea848498daacd8a9fff37846cce47324b38df12e9dcf0bf25d2e3b

SHA512
4e869ccea434e71f03ab513b3aa6212da3326cb9625c467b782df48367cbf5c69fb8a073d68180877cfde2510dbe74670046b897125b55f013fe595bb7d3595f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
23KB

MD5
e4b0d20f483b4c24ecffd4678479e3ae

SHA1
f0f3175f2c92922d123eac1e3a4c5bc8f6091b49

SHA256
ab25f94f51f31d69f3a7ff1959eafe9ddf3fad8e983fa216c91795bae573e13a

SHA512
54dda1d96956961788768dd0d5cb0ef9f660898b3b4fd1f6c02d5b092fe3629cb38f478e5e2fa5b074963616e63a235593a2de9e3fb420b502b40ded7430a715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
44KB

MD5
28d6deba0823880f8331bd4695469645

SHA1
a9fb38e13eddaed233b777f4db8efb4762c215a2

SHA256
2897ce935bf259f030e1c67dc25840da8793d4b58bc5fc8d5450525490d62590

SHA512
05261445ce6c11d1cf49716c0a2c6c2abbc930af4b7c817d36afa7819446f7e40f740a31b8e9734a5f68a0b140f2424db8779f27bae349a429002bdb30c79e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
29KB

MD5
0184869286788eacac1ba69396519d49

SHA1
0c5f414d628c549f94ad3a74b0afcb60e5dbedd1

SHA256
f696dbf8cecfefca50ea3fa5cf29f5ba98c37e723bbcd5c6381269e08be54e0f

SHA512
b6bb6bec302cb11e978fb40be6ed3ad6ec18afbf3bc4e81aa5aa078c841bc323542b7a4c83037c7eeef8245c29e27d0143528f071d33acf5346ccef4fd5f38df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
88KB

MD5
cf32003b2a71b7f09b15e9ad77a42d40

SHA1
dd13a04a430ae36e5947a503abf60c24f17d31a1

SHA256
9442cba9804cbfce11010881cda395e6df369f778358e50536bc183c926370d7

SHA512
6007af3fe5be0f250b877d18351510f82fe40458033c7342e26aa4ab8fa75f728881b2b872e1bf1a6aca7810151523bb53bf9609f87d414390b45c32c0e66542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
75KB

MD5
15a2f0d9497bdefec193f1951b076696

SHA1
b673c0729fa90d589261edd38bcaa74439297cdf

SHA256
aad6b6bb918d96aa219dcb54ff8a8a9587a9abbe51b4ee131fdb1a82f028745b

SHA512
36cb398ffe146e46e57ba37a2ac92d03476ac0b0368c64ce0102ac3b9d6a484d5e4200c136db9e04f25b327641299457b8f9d140aba6bef6a9fdc04313415e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
efd99f6b50b61e6bc88ab81db271f5dc

SHA1
13a91d8c6aae48306779d950cd3da773bac54a04

SHA256
3eb3416904e2d4354a4760874b015d4b7ad0f4f231889eb2e80a7c2ba79c22b9

SHA512
3532987383c85b0cb80ada4314a3fd155cfb78d23470aa7ea43c40342d48982bb8b3824b65c05fe496662e433ce65598cc902cc9e51d6a32802709683221e160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
30KB

MD5
6fd1421c547715cb7b78ca67104bfb78

SHA1
cc7f1d6761d9c7256745ef7586ad53e3183f0e2f

SHA256
57b9a684f743cf229723c1a5e9936d930cf48c3b5056c16c09cdd71ee6fe803d

SHA512
f64899cf62a1696adbf62f597f69c3a1ddd62319071f9a87076977b9f6c80992b333223a07cc1645a2fd578306e30abae12e18afc41cd582ee9717ebcb423a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
20KB

MD5
f550dad3dbfb045a5d3b91aaeca0b384

SHA1
ae0700d295166c471d2e3640134d7bcfb183bbcb

SHA256
a2d804e54d655a53053419498366fcc7e4a9e485fcc872795b22b31c6b889720

SHA512
1eeab46bbd2eaadd75ba18fa3d74f9ba0555082588e7dfca77425adf6716d9553b669250af5cb2948cd4d4a5a4453866834f018709941da5aa67214c0f6b8b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9b4e1520ec3161612ce5bd9f3cc7b3d2

SHA1
54f3fabe6f452dd11d389cbc9d5806b4ccb0cf30

SHA256
8d6b54c005a16351d731e016e9656d3044703d38f1c38e56ac77e21507c33a94

SHA512
34da7226ee1ef623793e3473fd49798242ef8795e6c9b0e7b9b921cb6a15f4df17317cba5fdc1244686a23483e3a0cc092dd9afe88c1ebbc602d30858804415d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.et_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec112a03440eebf17e4533f6f84ed473

SHA1
2b65f5e81f0bd13fc7637372d634a9da5a4a0250

SHA256
cffa8c259d4d4b3580d73deb28e63ccb01a7af222915460666600027760d8ef3

SHA512
0e59f40bf63871b185fa6bb2131bea2ace57a9e94f8fe2c84049c9951553d973557e4d27fc75d04e2a6951cd2934090041a96bf870d45ab3600029ab3dbe0fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
353a5facdf0b65b815812344be36145a

SHA1
14824712fa66567ed9677b4c050503c240d35dce

SHA256
cca9a645a244b5d4670729b23360e52a102bce7d5169cbcd7aa9457e17dfd0ea

SHA512
aedc185305a08c55fe32650195ed19ad06e6f70d9bb8b7a4980bd2a9488aeb335513cfb293cc13e8b891a883514cb3e2aabf0c7fc2641a89589da708cabb08a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f317e30e9db2b7c6608566f3914ad686

SHA1
ffe1d7ff63f5becbafd8f3bb10535c18467fe2d9

SHA256
8b89e7969555b135bb5f40b5f2d9f39cb7a078d93fafa5fd2685f6cd34895246

SHA512
14ff63caa1a45e5a6db65657ca27e12d7ee7892614af4e45a842677c584e3b8a84817964a1f70d067466ac5aa04f64fc40d70aadff0e9eb03b3d1db138bb8124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a3ab9ebb8e05e5d6404055b45222c230

SHA1
1a98234f3b57f0f1cb325490b359e0cfb3fd5c14

SHA256
c225905aaa72a00934fcfea3e8c48cbe36257ee940d7510eb9b50409cdbb9e27

SHA512
05cb05af1f0df6b23dbed1055ece277a91edf72ef1b989b8881effa3331b463d8a7524737a167bf4201b3c413a82931006d9e70625270e18469ef15b184a6089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57df06.TMP

Filesize
48B

MD5
1c3dcda0332227aecd9ff869917ab529

SHA1
e6a3dfd816d751c1a9ab2ebe9a8550d7322e838d

SHA256
c0eefc60d647eedd99fbbef233765f0df732f62adace4c134f70b03a4e84366c

SHA512
75f4a24d818fbcf7f063256e7fc8d3e85a21e285ca04ac750cf63692ab5ab62749542b66d327a46b6f50062c8f5cadc34424eae7f610c30ab236cfa36ed2e5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa17bb0c1b3cb8dd7a789f2028572a8c

SHA1
8291026cdac1db718ba12c2456854f799c356236

SHA256
d2ea54f53047a71778aea378c81df88e2ac76a1e4c2ab333e6be673673a3579c

SHA512
61a9c7efb8ce39b9970e666c8e8f7fa39bf394fcaec220157f8348fc562bb552d6be874285db7254da958dca15709ec6dabb68f27a2f72cb3e59028641912593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4c6808c2df0989e071d466db704ec1ef

SHA1
81ca6025f641f2b8d9c6b3ad3d63871f1383a61d

SHA256
a0b331b93c549e3c4b6bf43b0c77ed14251c1043954d6997bd98244924d3d273

SHA512
6cfba3c0b1b6f980cb9b1fbc29d9e51dd81bb51b6e30b9bb7e69b6860fffe0458320c7888378f9f7541da9dbeeb580bbfc17fb5a73bcb605257f970527c78e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a299e2a4d27c4995f9d76ee0e411bbb

SHA1
ae9320c43bb6c8b73d9318e45460a8b9f079406f

SHA256
b9432400c53649ee1a4ad67c4a8f7e0101ce3d0f6b3815429def13bc50b10a96

SHA512
8365c2e4779aec364f51ea27c68e35b0d8a6b2ec66a03cefecf15450ea9959e9dadad1580df1cc60a37c60d40e50f87439477c6bcdeffff16a2f342b18dff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e7d0.TMP

Filesize
1KB

MD5
ed722e6b141e7aa7db07eda86905ece8

SHA1
7ccd467f8ddcf25e658150f870ed5cfc71009a8d

SHA256
1b926149d1258a782827db1bd3914c8d0676c371fb73bb133e46ef7eee454545

SHA512
0915a42bec00813652ece27d43d50f35b07b33bf314a5b5fd946a3d5be964efb54b6ebfc4822514e1d3aaf4bdb500afef988f78f9b986e37800a8269b08de6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af2e22efcbffcd5cc12f09ad8eb05b2c

SHA1
835bfeb6d9af874979b0bc0aed0b64ed3ec71260

SHA256
84d8f57eea978dca398c85ba1b537f8e704dba7cc8438e4ca41eaac2a44fb46e

SHA512
b14a2b0c9497d7308e807c87af3915c87ff9ac227a7faf7351c89a1ec013b1d6109e58eb42ff017470fce682641e9bd54276bdf7e9c0fdf38725ce50a78d20ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit