hxxps://familyisland2024free[.]blogspot[.]com/

Analysis

max time kernel
75s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://familyisland2024free.blogspot.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
1456	msedge.exe
1456	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 4268	1456	msedge.exe	83
PID 1456 wrote to memory of 4268	1456	msedge.exe	83
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 1868	1456	msedge.exe	85
PID 1456 wrote to memory of 736	1456	msedge.exe	86
PID 1456 wrote to memory of 736	1456	msedge.exe	86
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87
PID 1456 wrote to memory of 4376	1456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://familyisland2024free.blogspot.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe29dc46f8,0x7ffe29dc4708,0x7ffe29dc4718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16993776048384875012,13999151485569127740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  2⤵
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
e0a894d4feb9fecba12f4016edcdbbd4

SHA1
3089b9258cb70ead2ed3301a9725c49803b4bde3

SHA256
a95dabc565110bae5a93b0e02da52d4cbfd8a3a78ad27799c2240e1e669ae59a

SHA512
c1535a208620cac9b19d7c2116c53e1c3c829e6fc270ed650636044384d3d805ae3eff846b0af370db4e447c1945075b084e26f544c9a31b77e8195d036071ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
751a67d5cd3b3fe711b4b57263a835d6

SHA1
75d6624d2566a9d5ad2887e256c1564ddc1c4116

SHA256
048dcc3e5f8db21a436578523e6fb1ba39887d3b379903bb3f769983c64d9a96

SHA512
6c537a40c5e1bc9ee5f24605bdd5dd20a4557001c8b728f1fd97ff6f60af89c56490e2ecaf870426df162d33e2b3da99d8b42ff6b4be887161256d8c05b32e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a1477ea539fae8a70afbcf8a343ed1cf

SHA1
e72b758814345c6d294f06ae681a1d6368ce0c49

SHA256
00e36861f0bd35b2ef900e0220ffcd1d76c8f5a9c86de3f87307fdad67b8fc07

SHA512
e453bc6a28619576f0a1356e46e90c55af9462087d038e228fd8be95e8e907d1588a23772ca8057d79889bed44e35178c6fef071457248f2bc09fb8c1ec757a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a061716b84f89510c0fd63cd06685f8a

SHA1
416dfd4ee5a6f1fd22e8ba158f48b78838a9a50b

SHA256
22f62f46e501ae4c5b31aa93c705c29a330cc244e02e40a837df59e61177709b

SHA512
79d11ccd474a6cb71339de69a9a4c73e233a63a3f6b095a1c81749ed7f4bcea82fbe5f240e9f3fb0172328ae1bd04c1528df3f73eab05c1f6e7d2b57838fbe07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ef697860fab5082db5440d521e49b76

SHA1
8f8b16700fde7ec3136ba83088cd5853019fd54d

SHA256
4e0a46de6f93fa5a4e0242fbb728c59eba8e295df57c18e573a6c8c5681866cf

SHA512
0665a22187b61e2b13c6f0bd07699d1cd9acd8d6dedf162461526c6fcedd709b6c20e28863ab3e2cf4de971183143cc96d00200d2bbc9d5d66f856c414d0e9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5668f00b74c78600819cb5b7ffb18a9b

SHA1
e1aeb14ab37402df2067887633fe0ee1619f1f9c

SHA256
06d9431e6eea5d7d86f1b3818bf641c69373644951d22cc4dbd63cc905b6d28b

SHA512
4f5c2ee50b340deb5e5b20ca4522077a309774c5de286bb46f83fe7f86022ce493bd99206b819554cb6941f8f8f0fccaa7eb2af0af0b6e271c8972026146e51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12e96c69e40f3a53e896cf31cba6967b

SHA1
35dfa738bcbd1b225bbcf86362e5e0d627ae4c9e

SHA256
f983e7b6bcec9c7630aa153ae004f4c1bf4e6eb7e1d01e04f2ea3bf851f2ec1d

SHA512
bab7f39b016076cc5b0104477385ccc06440e6040ebbd86580bd796138aa72bd73ad63fbe32ba395b2a0543ae93c7d03a24170756dde7d3e1fba2a361f62499c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7034bf875f48065c46242a2ff5cb5392

SHA1
2fcb3d7a93bf9beb304e89c06f77298119f7f1ce

SHA256
6b7e7440818f10eaba7b06acdba6b6e2570b22898e99108e14af1d1953264874

SHA512
4fbee0892f3adb0bc0fe843758b881c0c964cc65244bdab8ecea3cf8483e70b2d5fd643aa2260514740bfbaad5378d73ad0f450d40bb03fa055fe173bffa11e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
de92b4cb0ded63e1dfaed0517fbfbfa5

SHA1
98c0064b3323f8d1b1a2df63bf012b53327b739d

SHA256
1ae8694f9158aaf7b02c0327def8cbf53a18dc48754ae2b73eaf91667d72c5c2

SHA512
b5d49d6b7e92cdd2dfabe0051b9b7c7921a558d4ad87bd6efa270041042a64dad17b7b01167d38b03eddfc8dc8e860928168c21337bf36fe7161adc5041810ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5897d6.TMP

Filesize
537B

MD5
3a28d479af5fcb721f485f7104905caf

SHA1
5f6aae1658a6116a608ee3bd627be0011b3a159e

SHA256
20368752091bd16b6bb81a7124590ab0571ceb61e8f70c02cf0e261bf31dd030

SHA512
7484342e6da1d8ad2e99683e04453d5f5cd174ac99bf7592cdf4d41b2a9e0c106d16bc984b6768ab73551e5d9c729c5f58c5f4ed64f5c2c72424a4286f9d85bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a69a5c5f3bcece9b8ce72d19fbaf3f1

SHA1
74903c1dddf4e45e52f6f2c958bc28c4fb63db51

SHA256
10a1853fff7ecda24eeb412771ec3fe0920f9f64dde364741cd97d8e61887211

SHA512
b71c3f8fd3bba8ecac5319f4264539f29f1fe7ebdba21c2750457baff01d76e349178a72ea627172dcc138f71c39614cfbb59af30e75eb012f0e45e3654c0f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
599f9a007f401d17be0e333fe476f79a

SHA1
e7cc64a615d4035f27a63837833083f3cc515e2c

SHA256
2ddbe05cbce226a284d6c88189b9568e4124fcff458127fb146e463e30eb194c

SHA512
8ea971c8fabf9803fa3e412c5648510bdfc7dc122aea44ecbd6c2024bc5be8e40af4a2dd7580989f1fc5befaab98fa80f488371dd1bf6773150a40262e846d54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit