hxxps://linky[.]splynx[.]app/

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linky.splynx.app/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
2364	msedge.exe
2364	msedge.exe
2500	identity_helper.exe
2500	identity_helper.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe
2364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2104	2364	msedge.exe	84
PID 2364 wrote to memory of 2104	2364	msedge.exe	84
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 3752	2364	msedge.exe	85
PID 2364 wrote to memory of 748	2364	msedge.exe	86
PID 2364 wrote to memory of 748	2364	msedge.exe	86
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87
PID 2364 wrote to memory of 4516	2364	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://linky.splynx.app/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb0ca46f8,0x7ffcb0ca4708,0x7ffcb0ca4718
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5131952064171359794,15725663818523271129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
db3506d4dd8b02d34e1521561a9cd24a

SHA1
ce319463e8515cffae402a734c1f39021798be31

SHA256
00d6061ebe82acebf5f8d4f6de7ad5563f7b3e8582c96447fc9882ab91942164

SHA512
fa83648b07797fef8f78c73028797fe83b38d33a52c485c611badbe0a39bf445564c1afc7dbba30a6ab37f1703d6ad429fa8592f106cf56f4e1d074b90bc0220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
254B

MD5
ad15aec974133f1bc07c2a77de7d000b

SHA1
bc14adeadfa5d4b1252d01ecab87ab041be9957f

SHA256
f2aca255be06efb7457c4147a691b3dd1503e177d517441d8b08f4831fe62f71

SHA512
d032480399ee584c63ad9c16746a713e03c2bc48e4f9bd8c94d28acf4b7fda6b53bda053d99a4db896a5a48ab724ff5cc5543a33fdba771001db0de01cd39fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c1d3e103f99dc12dc57b167079c204a

SHA1
8e3e1e8c3d020dd7d7c2a5ccfcbd7f24e7cbed57

SHA256
7dccfc23190f2b82e07a479207b2855ba3e77784232249e2ed911a1f2b5aaa59

SHA512
1fe1bf5f4706c5dff7e0086aee263d5025abf3873fd7b2fe5d51f419806b70b4cf08c821a9716586f4caf1c66c4f8222220fa278edd87bec018b0636304bb889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51191d6fdd8c18cfcf3e49357cc6fe6a

SHA1
38c0f1f28e9a14fef280896284e712db6b9009df

SHA256
30bb55fbccfff5f8b0563fa5d74426378fd42bf7f3b6ee4e6b8fde2298e7fe35

SHA512
a413b72d904e847ff52d80f2582525430881b5f6a3d267b266d465151db9db4e48a83b8da79b7068fb8a082bac8f9caa173ff00cceb83be8ae03fbb83ec2f980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
a103764a8f80a1f69ed35947af62919b

SHA1
1f35351af130a6d97c04174f8727c10ea1b58ba9

SHA256
e66fbe18d026dd819f83c608b757d3d09ceb83a8e10950344c28892787e046d7

SHA512
e864fb785ae919449f9261f5859f983f8cb70abd8f480c9a7217c68d7b56516992c02df83be843bd28da9574cdcec3cbd7c12cc783fe3fda99267850a24ef17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
2fd0f23af7cc56f0e70b26f9068567cb

SHA1
a392330a163d7bcce15089b8df47734ad8a5bedd

SHA256
fc4979946d44e1fa6bbaa1ed2bc7e17a9f2842f7cfa4e0ed0c54c8874acdd464

SHA512
f0901c24037757d9efea48499cdee7709722ae1761d86439c77d9037d9fc3a783c40cc5495288abd23c50754184ac5628285f8382de45e8c1e6ac091113a2899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fbe4.TMP

Filesize
204B

MD5
3673ef1a95bc041e685cb1fab237a821

SHA1
96ebc2ee2d9f5fb9caf9d135e65030c82930eeca

SHA256
766bc0eb78afc953a911c5861e4bbf77229bf347b7438a445751db08d0e06d4c

SHA512
c2ad214c8ff4309036613adb09ffd325968e76191e93dbd3a4bceffe6559bdb0b6d660cac9d41cf5b79010d959c49ffff2a61d323d29e4990906bd2ad566798c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3c790a8-b349-4e1c-9a12-923f3ca38abe.tmp

Filesize
6KB

MD5
2c18267e8d171b2164e68fb91c88af9a

SHA1
cb16664961bb2dfb9c0614dddaeeb0b10e2fceb0

SHA256
140360a25aa2d21c87818b40407fbea5a5c8c6296c551538b8134e0a8e1c9b34

SHA512
0cd00f2dec449afc95e8a18c75790be36e90c429eabf9498253f736a5af997ade8bf032afc1fc215ed3b35698ab240df3053177d33af8bf4ce507dbe0a6e2a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2fb9f5cf1e76f3dcdd187dc0f46c4ff

SHA1
cfd82076a925b7d41fa40793c855c50007e4375d

SHA256
686365cc8a116a19a63b9a8e3eb1c9a3f374bba3d0f50e4ccb8fc8af7097b890

SHA512
0fa13c73d801bec0d4b4b54ddef53d4a6060df9e6b926df5a34869e20731662455be69cfda8be10158aef59372af3711a4ad469c70be37becaeaf31f9ef225fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit