hxxps://linktr[.]ee/signsconow

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linktr.ee/signsconow

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
75	api.ipify.org
76	api.ipify.org

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4708	msedge.exe
4708	msedge.exe
3940	identity_helper.exe
3940	identity_helper.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 3728	4708	msedge.exe	83
PID 4708 wrote to memory of 3728	4708	msedge.exe	83
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4572	4708	msedge.exe	85
PID 4708 wrote to memory of 4500	4708	msedge.exe	86
PID 4708 wrote to memory of 4500	4708	msedge.exe	86
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87
PID 4708 wrote to memory of 4012	4708	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://linktr.ee/signsconow
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdac5c46f8,0x7ffdac5c4708,0x7ffdac5c4718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,5884879479788687868,12845547025144933252,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
9ae1e6e663ed3c26497d0d33e1eae8ca

SHA1
4ea1e005b66176596d523b205f79ce9b84005ce7

SHA256
331d67ca14201b52e1b34644ab8f5505be880aa7f1f5ed2628894250121e98cf

SHA512
7461155fbfde3303641be4fd67afa7d3b8451bdf211c0911a3dcff55b224f7c92b90b1ff3c54dcae9af06c1cb2aa1107daba165c50fe29eda97b498789358f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88ec9403ebc525e35c69bcd22f7c1667

SHA1
258ac3d419ffbb901ad6ad7d8746773cd3fbc53a

SHA256
a7fce8cbbfffe5a8900a6e1dd867dd2843369f10de484eb90a0bf177ada15bea

SHA512
450f4258180fcd9edc23d43248b6d4512693ece7c50a8c1f97342b332de8c03db7b71a94be3e12824f4aa59adb16159ca6fa64e7e8c5234186c0c045b475f3e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcb2e38048897beca177fcaaf5823cff

SHA1
5d278a45ef31b068ff986cb538177a0bc4ab589a

SHA256
541cb26cb89a3b41aca06544b24e7827e32868bbfcbb5efe692dff8b4b916d03

SHA512
bb6087e311f606b9a3dc807db8f4aed250d8847fb0f041ce9ec5865d7867051a7242058d9ce07a474cfec63c7b83711718cc86a3aa0e9b3c5bbe89b917cc0f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
648153e0695c6e715ba76babfd8bb3d6

SHA1
f94a5b453e903b3815e20b84eda253a16d6924b2

SHA256
5bebb5df439a6a913eee0498214abf47df29819c4d61d59c484e6ddd494017c0

SHA512
c9ecf38524b9ba0ba3ddfa3e94de6ea31800e6a22630e9733fed431f2b463e1231a771e51bfd2caeba3dfa1ce8739f106b4bdc46dad3db25fb0faa86ad10a8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f854ca3a9c9e07769edba2199bec1844

SHA1
ddf679bea8aac5bca9b632b09fca99dfc4ca1bbd

SHA256
e8178095b6a8c792c761b7db593e868f9f6ec1cb926e76b26ee2f9e5decae3b7

SHA512
bf280a62cf9ea06e5ba7f9d81d819f07aa7e1624ad7d82015bd34b4e50c5c6e26884c1a5448bf0a9add527181a2f9703f08ac8963b123952c12b0c1bcc6c42de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fec1ce990382593666ff0e7e2f1765f

SHA1
a249fb0ecf20650bfe9a71c4c9cd84d55fd4768a

SHA256
d3fcb71c74cc3bb46a1b672c136d43a7ff94f3337fbf122ad3d26ab72cbd9c8a

SHA512
3d0721549f5decf7a9958e3e9e9d10b54ccf36352a6c43bf2f2cb9897c245f76fbde78121de4b5d747dba4383caedc9d37095f7776be96f5ba9c8f884b4769c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58628d.TMP

Filesize
1KB

MD5
71ca6088e39de667e4be3c32287439cc

SHA1
e743899657969fca6c2873eb9243840907ee4f06

SHA256
67aa2ce09b5925e24cdc89bc0796fc311bc442cbc95e5a9e0d3ba6a920a8889d

SHA512
32136476fdc6fd861ee533a47e8787313f792bb54c8834d6b57412eedb5169454015af21b9e89e69d19c5f267eaf321e44885343d1212c3a0941ec5ce9d9d46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc936151531ab53db3c121498db007fd

SHA1
f25ac0d61a2c658295e2ce19c01a064f154960ef

SHA256
9cb0cc208d3f9565427943cb6819a74b21c5a99ccbfb3e7d2ad918c2bdbc3da9

SHA512
79d899230e431c649fbb3c08a52e65684ec60e03addbd724d8998bd6c6f013e64c20fe9b2da50c778cd608e95988a1f294f43826c23d0986d26a0eaf214b05df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit