hxxps://cdn[.]discordapp[.]com/attachments/1279436235038789642/1279813106998181968/scoreboard[.]sk?ex=66d5ce56&is=66d47cd6&hm=54e3bb4abc96b6de085337d973b77900706d32bdea8aad13f4fae12935facf41&

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 14:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1279436235038789642/1279813106998181968/scoreboard.sk?ex=66d5ce56&is=66d47cd6&hm=54e3bb4abc96b6de085337d973b77900706d32bdea8aad13f4fae12935facf41&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2328	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5648	msedge.exe
5648	msedge.exe
5128	msedge.exe
5128	msedge.exe
5676	identity_helper.exe
5676	identity_helper.exe
1556	msedge.exe
1556	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2952	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe
5128	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4516	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe
2952	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5128 wrote to memory of 5172	5128	msedge.exe	86
PID 5128 wrote to memory of 5172	5128	msedge.exe	86
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5592	5128	msedge.exe	87
PID 5128 wrote to memory of 5648	5128	msedge.exe	88
PID 5128 wrote to memory of 5648	5128	msedge.exe	88
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89
PID 5128 wrote to memory of 1324	5128	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1279436235038789642/1279813106998181968/scoreboard.sk?ex=66d5ce56&is=66d47cd6&hm=54e3bb4abc96b6de085337d973b77900706d32bdea8aad13f4fae12935facf41&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a8d346f8,0x7ff8a8d34708,0x7ff8a8d34718
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2924564232137368641,11463102376203297314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2952
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\scoreboard.sk
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a19022fcf41b67591411b2208528e5ba

SHA1
bbd05e2263c21ecd3468732baaf41fa1b5afd1ab

SHA256
7fca79784bdc7f4c54fae51609ffeb01cd43849abde3b8fe5688d3e8e0c4231f

SHA512
d94b9c7d0b7624a33e4a3507cadaa98f14058168516993e210b92045c7f4a7a1c3c7659c7807ed4714ab014b0dce01d2b054609829fc0df8321b64c757819089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
983e3c9d804fcf48ca714c46e0a52cbb

SHA1
cfa2b82a141b34a146c8026e0350d66c97c9cf5c

SHA256
edbd6c44765e2256a52035dc36f1dc03ab9fed56150192edcbf519e029fe7d43

SHA512
ea9180fab0488a217868ec747d3d7f1f51a1113d891a3c2b442cc460b22b5b37ad89ed2eccd603496886b429db1350ec5acd45196cf070b59df19c4cfef79155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a40b3dd053ff10083a2b66e6bfa4f32

SHA1
77ff17f02bb38f61ed202e4777affa7b9e2b5df7

SHA256
650abe5063637ecd9f387d014e4ffa4ff502b19a740d9a28c22b922ebb9a6e85

SHA512
033337fce9e243dc277e4e5433d9c5734ffbe23e28a587e16069a81995568c5beada9331b693fd8808c6f17bf734394dced19a4b76fa03969f6c1866e6f233c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
273d6450e89ad29c74cf1acd8326128c

SHA1
4f0239f82907f446c3ea5781d69ef33e4479fd71

SHA256
ca5316863c6a5e3e6b45899c724622da9d1914e614058ae6d87cf8092aaca78e

SHA512
bab0a6503f57d5ac4a31e3f84f7bd37c155b1a731b38342bb321356a25a308f267f7878ae149d878966318b7c3cffc6b62f1a99c7a63230c9af4b1db63bf9916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b445fdf82d5b43068ff42e84aa6868ec

SHA1
9da53b609596268bd4d6fc9363ae9a4c5334229a

SHA256
dfd6fcc6a95006652bae8c437b35332cec34abe85a665b6b80340bdad2178203

SHA512
797703a6acf8ccb9c70e35990415f1a8cba18388cf00505a1fd24ed5825d6405d69c1cd8880228fd42932feacd02bf2d7917312edeae0cfe1a481a55b5db3ae5

Download Submit
C:\Users\Admin\Downloads\scoreboard.sk

Filesize
820B

MD5
441b31e2848f157341892642312f4be5

SHA1
ce6188c8458a9e80430b9d624793cf8258a51f24

SHA256
679ec4cecb25b2be5c90af4cb3499eb1db7fa27b906202c5ec9f3636db4e5871

SHA512
e1b6d1be029ec35c8a46505d066a55d7ad9909f9fa2d7b374886ffe9df4016a519714db3df90e8b18f6e27db9c8b5dc277d1dd122e86c773eb73f001f32a381e

Download Submit