hxxp://tr[.]lnkz[.]info/l?t=grips&r=Z94SmspukaGdyCYDdxBkhB&c=4fVGwKDDM8s5CRMdVd38eu&u=MllTQF1eW1wcVFNeUV1cV0ByQV5eHEFX&l=CQANXPKVinjnqJzwrhydyR&p=karolin[.]falconer@sll[.]se

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2023 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tr.lnkz.info/l?t=grips&r=Z94SmspukaGdyCYDdxBkhB&c=4fVGwKDDM8s5CRMdVd38eu&u=MllTQF1eW1wcVFNeUV1cV0ByQV5eHEFX&l=CQANXPKVinjnqJzwrhydyR&[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1516	msedge.exe
1516	msedge.exe
5012	msedge.exe
5012	msedge.exe
1276	identity_helper.exe
1276	identity_helper.exe
1276	identity_helper.exe
5480	msedge.exe
5480	msedge.exe
5480	msedge.exe
5480	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe
5012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1048	5012	msedge.exe	84
PID 5012 wrote to memory of 1048	5012	msedge.exe	84
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 4700	5012	msedge.exe	86
PID 5012 wrote to memory of 1516	5012	msedge.exe	85
PID 5012 wrote to memory of 1516	5012	msedge.exe	85
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87
PID 5012 wrote to memory of 1416	5012	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tr.lnkz.info/l?t=grips&r=Z94SmspukaGdyCYDdxBkhB&c=4fVGwKDDM8s5CRMdVd38eu&u=MllTQF1eW1wcVFNeUV1cV0ByQV5eHEFX&l=CQANXPKVinjnqJzwrhydyR&[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c45d46f8,0x7ff8c45d4708,0x7ff8c45d4718
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6683576322940628232,4832775932468747053,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\068a4ca2-e92b-418e-a024-fea3d6906f92.tmp

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
284dbea64033c16ca37086bd01d983af

SHA1
dd3b0bb149b5ad7f8cf57025e1307ffd9db2efcc

SHA256
388fa068bb971418d2fb3feeae40e9b661ba08106aff5cdaabe7dd6bae44ed57

SHA512
8cd17616babf5001021d3886107ac519ee627118fd008cfe565c3bf080bf7bab6a720608e6b9f3a8e24f3373fe5d2ef5303fad95c958d24aa7acac7a774fb738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a447f059260eb5d787125d917eb9a264

SHA1
5ac19b11661809e61e9c3ef02c9739705a5fe756

SHA256
b03e78b69239185f147c4c26e31ad54ee7eb62351a6bee7966ae4fb8aa5c8e51

SHA512
b844ad8fae7c917db7da0044b6fa0ae73bb465a462429461ab4bea4008bf806d537062cf07ee27ec165722d15bee7f4b8f80cb1670213dd21a77023a8b157b9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ea61d127fb6b56e7a581dc181139b8c

SHA1
ed714848a8ed3906f9901aa1ffe1942671cb1a14

SHA256
96a8296fba222616e75e72ea111381a9f7095e40a33ebc52c2d728c52b65f211

SHA512
47caaf6e5b55a382e84dfdd8afade65bb190dfbdf8743e80be2ac7ef0d08a0ec80c443629b89d089a90b339e77a3542b31aaea9eea34131874b7ed312f6de4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e16a9c1c94fba00bdbd97ebc72174efe

SHA1
d15d5bb358641d3f10f01f9b0c40a7575759ce1d

SHA256
7ffe632ed1624eeb39cd1040a7e4309355f723371aff8b02cb7b7cab0539b2c2

SHA512
803d0b9e891227c6dc9f6ffe17feae84ae4d5d8edc8e0e7565be1dde41d6d9f05d5d791df93090f853d207ad34cb113694cc669953c2180653d188155a3d73c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db2b0ecbe2a53845cc468fbd02e4c4ce

SHA1
8e6cde16554768cd25992506b44a6e26b6add2ab

SHA256
cd65e0aca6652a293a89047a27bef4312d8f6bce0e34142c4ae6671c43d2d822

SHA512
1fc0963f9e7311e773ff13ab4b1b7fb13f3d3ae21a1fbac216cb28d49fbae6cf762287901b6776da666d6592175371ad613b3aa61b95a5776fdfced8ebf96d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
9b2b025257e4c4b0b15f55bbf15cf83c

SHA1
6e47a7b890d655d0070f8856861f71ac4d10c77d

SHA256
e020e2cec2032710061372fd39b903a447ffdb7914ad5a7d0d3ef6f9a1654bb1

SHA512
e2f635dca87532380d946b2dd964e692f1419e84d54e06f83add164955d0a0be9824d5235c4535856d0eb6a92ae0af97327b7a3d64bf72f3b181212779e4285e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589a76.TMP

Filesize
701B

MD5
5920d20b5e8ec9e64d8b05a0bb42e021

SHA1
06f6764f18487ec42f1d0cd6f4817d24da40b578

SHA256
0fde903e40fd46bad2e0ccc007bc4bb66374d1d7c757b3680f431f6689865657

SHA512
efd380b62560ac2fad1e84f80ec87ca874f50a8ae4be580cc5ed0c0e3aba545743467f0dfd2eec089349714c6cb2de348448a96943bc7dc309ef5d8a1b3377a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0f6d69d188cad0ac2b28619e1aede2cf

SHA1
978d54a227be686cd54cc88fe4a26f73acb78e59

SHA256
7f1e32d96ede2660bbf4c26102d8b6ff92fabad161f7bbea7eb721442219b92a

SHA512
32e81140c95e284f06a5e70d0ee684a447d21429f64d20324b4e1dc4aaaa387707d5209f31b43713e34a937efe42c2c9cf96df86728f112b1f7d1cebd7177293

Download Submit