hxxps://play[.]blooket[.]com/play?hwId=65f1080fba8517a4a966e149

Analysis

max time kernel
1169s
max time network
1170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://play.blooket.com/play?hwId=65f1080fba8517a4a966e149

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2668	msedge.exe
2668	msedge.exe
2160	msedge.exe
2160	msedge.exe
668	identity_helper.exe
668	identity_helper.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4956	2160	msedge.exe	84
PID 2160 wrote to memory of 4956	2160	msedge.exe	84
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 4536	2160	msedge.exe	85
PID 2160 wrote to memory of 2668	2160	msedge.exe	86
PID 2160 wrote to memory of 2668	2160	msedge.exe	86
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87
PID 2160 wrote to memory of 2908	2160	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://play.blooket.com/play?hwId=65f1080fba8517a4a966e149
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd491746f8,0x7ffd49174708,0x7ffd49174718
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5420654297191385177,12672360182872178652,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2332 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3438071e-6017-4e7e-94b7-fd8ff0e5c5e3.tmp

Filesize
5KB

MD5
0374ded90243b347c6076c0d1b95a45c

SHA1
b25ee8acd0677591d8007cfab91f5b7cea2d3c2a

SHA256
604f79f44b9fb169d36a398a2fd43cdbddd95a4db7217cdc3743dd958e0fc4b1

SHA512
48b2987afd16a4310559254988b41c2739bd10925dd55508a0449516a1c3fc87e278e308211761ba3b4874091ee44b015a98356abd4cf95856f42389b438dfe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5f798646-25c3-4d10-9867-0050ad2570c3.tmp

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
96B

MD5
390b4df1b29329b0e973fdae040b8465

SHA1
c7bc4640b282dc02c6f15ce062997b3715286006

SHA256
d765d241c6bf140b920141fd422be1957326880bb6b80c527166336fdb08f0f0

SHA512
e50dc90f092b87bad0739fe5f278fa9dcee1f0b3274da85c6b4aaf72963f5661638e808219860035b7159efd4aaca394674d73bef3609f7cffc8690168767710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69a092b3092a8ce0349b287642159475

SHA1
36ecc1cadfeee9bcf41aec20658b03137ccd053d

SHA256
2c5e91e2c3035150dd169304df1c0cb43483d257f33b20eff57c954ac93a0239

SHA512
0a129e87a96aa9a47c2268240b7eb00efb22368f5a7e8a89bd185ca72d2a60cdb060e78526b9de8dcec2300a79116cdde1dfcee49b11dee4044414179bfc9836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cc840722cb65a4023028c2fd9cb93ddf

SHA1
d438612595333d0ecc649c9bf32321603ae96ee0

SHA256
edc6ed0c805616ab96fa2e12bb76fbd769a90e4c31c722ea0aca3cd3e7ce12a8

SHA512
b02ff476c5a57866b2ddbef567c6a8dbc7d79309c6e65134e595b0c071d50c3d85a141b0188f63da335db5f78617e081d027c64abdf3d2897589e8df04ee6f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
76fec688c85f348fae57655f2becfcbf

SHA1
0b6b7a753a549736c2b234ec57574c8c369790d2

SHA256
307d69a5bdc83fd53f8aaae60ceeced7ac38f1c8acace35e6d35b27787c66963

SHA512
e06e988cedb306f8e3fb53dcbca82debe9ff3126f6aadf373d12dc50b8326ff5fd9b2aff5f7ce9fb38acc3037fee520813c64c239042b3da817ec91d415f038e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
718e29e63a833d4f9a72eefe36fc55a6

SHA1
56a7908b9801a8185b1b1c6120550243bc6a9aa6

SHA256
6fc9c481009eb8c3f3ba38495a1b504545c0e94628f446914f5a2d92b3db631b

SHA512
5324999faad6baa151af71a1a564c5278661cef8e03e6342659bad0551c8407ac9a01e192b9ac561d54d867198c51736c983680f0135e3d6ae55588fd0c01a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bf6c95fc250489ffa39cee8cf0d007f5

SHA1
566e5c015a0c65a6dd00dda9e284c107da6acf20

SHA256
c4ded0d1244f332a5ce80df3eadef2d0e8069e0ce566f2fc06ad352d750b0e1b

SHA512
f8d6f102484d92c3a18e5f8aa9458d1e1158a7adbbaddf8a8c607ea714bec5eeb24e6308bf7f14817b1b810c239d16492db25011c697dca36c4e15560f59c3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e2a449be309ecd2ffa492c4e8c7572b

SHA1
0dfa4dea33f345e26243c9a023e83c82ab8248a2

SHA256
ae6a57af05d0d8d743451eabb5970b4641681b00c8a205729ba1c095412ea9a9

SHA512
d317748b41bd99bedd2d338f730619c100c7bb2bec1a30bc7d9c9252a49da7834ab9b9c51179f2653e4efd44d7fdd0cadb85bd703a669974e4a8a1cd8418746b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit