hxxps://es[.]ldplayer[.]net/games/worldbox-on-pc[.]htm

Resubmissions

03-08-2023 00:36

230803-axw3kaae58 1

03-08-2023 00:33

230803-awfn7abg31 1

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://es.ldplayer.net/games/worldbox-on-pc.htm

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
3980	msedge.exe
3980	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 2044	3980	msedge.exe	86
PID 3980 wrote to memory of 2044	3980	msedge.exe	86
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 316	3980	msedge.exe	87
PID 3980 wrote to memory of 1524	3980	msedge.exe	88
PID 3980 wrote to memory of 1524	3980	msedge.exe	88
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89
PID 3980 wrote to memory of 3540	3980	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://es.ldplayer.net/games/worldbox-on-pc.htm
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc99d546f8,0x7ffc99d54708,0x7ffc99d54718
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,433656570149704266,4406963652547515797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
5ed050f8004bfa087403d7d310989507

SHA1
2b44fd2d90bb0b7b9f4608eefb4b3f92d9387c0c

SHA256
13be55656e7640025504d664f3670dbdaedae47e058d7395dcf9014139e330e9

SHA512
29a73fe1df05d10aa6914dd9420ad30c804c25f61d6e62f90f2e34914c5d3f11737fb99519f653dd22e12bc787db80d28e6eef33bce2eb481cc3cb42d02cc6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
c21141431b57c257d56ae2f70793fcdb

SHA1
f7c2646053940ce01e933a15f682fbfe2394b6e1

SHA256
6156dc6c9a8e9d99a95a4aaa6206cee0fb9aeabd3d8e483b6fe253b85d1463fc

SHA512
cfd2f578b957ef21b82e9689e6081c9a3a6d26cf6110a07f0db65bf3a32e5bae30b6fe15eae2dceccd8fb857776965bcceb4fa1511f3b2e88f3d5ceac468ce28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
984cd23afd346474af3245fcc8e3a33f

SHA1
9873074d1d7d0ee96e88c2d3f0e882b5b2c24e9a

SHA256
93e7f3e07c5386136f7e31bed816f34a0893eff4ede2e93a468ab425d76489f2

SHA512
2b3fa5d21b7115a06d0aa5e1b4e432f53845b8d802ea218feffb231f5e9f84a357bcec672b6768673c76c4fd9e5ebf0acb3a10268b99e88b49ce42242b93777c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b59028545e55225d9bfebf96ddfdd638

SHA1
a0a1a396b3a26a14f5f5bbed13808a2e2796eeb1

SHA256
03efc5a4071e813d7aa4dbe2cf5ae96573ed1a5b19738d497fac2a29e64b0320

SHA512
72729511aa83411f1cb171243f99189b5e2b49fa8e82bf2b4826b47c24c712161bc70544e070b77cc14e6f6d8558413a7e25c4b31e770ab4f939141966db4294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4fc4aae30c878d084d9923918064b3a

SHA1
1dfef883fa3e682fb5e19acc5450c54537968e37

SHA256
25b663c9ffa574fbf3c9c375ee25005ec4d8df90845e8b08ff15a93f84105c3e

SHA512
a5a159f376d19c9033999e7545fa7d0803294370ab6459452212e4bb5fc8e8db7edbd294f4456bf44b196c854adf5d80d69bf55aaf790ecc302b08aed5bdfc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5daac226b7750b732ecd857d6248a46d

SHA1
79a4c078dc75357eb0a513940905f9f501c40fbd

SHA256
cf782edc7e647a763b6161795a71c4163a0ecf41e11a338021c90c5b954fa9eb

SHA512
47a475d94605280d5c410fcf306c76da89b035615ce899fc76f3b1d0c5f6b35e7bd41a451e9e1b72a772e2390c0bbba37f47b20766211a8fda849747026e2843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48fed8ccdd52f7257be246afc3b48ebc

SHA1
f5c9faeee20a0fbe8869c26dff4bd81e4f518937

SHA256
3a24409f295b981d84e8922f2bf616205c629f8efe7eee0f56be8c38f424cd92

SHA512
ee2db6ad341cbb645f42fcba3cedc652efc398b0f6b44078ed5176b56e60bf73388d914fba7cff5baa71c0ccf76676c2387647824542a5aaf6b2eb7f0e2bdc57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
026987065ca70b4c9affaf202a07dab5

SHA1
213198983f174266c34cdc914be44be2e56d1764

SHA256
2da74a412d84c5ff4d873c58d3bd307c774dd0ed90764f5b021a39239ec373e0

SHA512
c5331836d02ae1d84eaeade2e24c028a60efa00e2197611060d7833453fa553641ffa95ba1623d70368e5cbfdbeb91e277fd5003c0223fdda321a644935d6315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
afcfb112fd9fd5f1a194dbe4e1cb2044

SHA1
48ffc45bbd806698fb401d3d5b14b14323df0ef0

SHA256
2f29245c39e560fd2e0298f198b692030cf7ab78b8d2efd6ed60d4dfdaf16572

SHA512
bd5c616969b07fab8ee2cb3a0fce53ce32fe6ffb132214ecc018f69f3d2de3801f2dbd4f63ffc4dfb3a2712897ec9ac1cbac9c8f2c59aaa935d2dd2e0fd5355d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f3d53722412dd6c0bb9da1bb8d995b01

SHA1
b2895fdcdb445e7dcd69034abe6f491593e545c6

SHA256
6f52a410901d7060c8b55171d06d5502756260f833f355ffc564e3adb5f5aa17

SHA512
760a6b5aa87589e7ae2fb34da729955e301c20eacc5f9aedd861327f47ae8214badd51fbee89b8ae9e621099b02a7eb641239d34cf8536b897a04f65405fb66b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit