hxxps://elink[.]pritiinternational[.]com/vtrack?clientid=183984&ul=UVAEBwxWGAEZRlZdAg5RGVVQXlJXWHhHEUBaBQdeDhsFDF9NEkJLSU0C&ml=XFQGAwVTGAEZDAYBHw==&sl=JhhzT2AxGGIoYU9UDwpWXBlJQlxMXVFdEFdDCANGC1oIAl5NBV9aSQE=&pp=0&ga=utm_source%3DNetcore%26utm_campaign%3D20%2Bjan%26utm_medium%3DEmail%26utm_content%3D&fl=DBBEQ0ZYSx4VR1pFCgpWQ1JLXlRMXVddBV4fBQ1fTVYHF1MPCVdCUB4=&ext=

Analysis

max time kernel
112s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/01/2025, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://elink.pritiinternational.com/vtrack?clientid=183984&ul=UVAEBwxWGAEZRlZdAg5RGVVQXlJXWHhHEUBaBQdeDhsFDF9NEkJLSU0C&ml=XFQGAwVTGAEZDAYBHw==&sl=JhhzT2AxGGIoYU9UDwpWXBlJQlxMXVFdEFdDCANGC1oIAl5NBV9aSQE=&pp=0&ga=utm_source%3DNetcore%26utm_campaign%3D20%2Bjan%26utm_medium%3DEmail%26utm_content%3D&fl=DBBEQ0ZYSx4VR1pFCgpWQ1JLXlRMXVddBV4fBQ1fTVYHF1MPCVdCUB4=&ext=

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1248	msedge.exe
1248	msedge.exe
2112	msedge.exe
2112	msedge.exe
1708	identity_helper.exe
1708	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3520	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3520	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 4928	2112	msedge.exe	85
PID 2112 wrote to memory of 4928	2112	msedge.exe	85
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 4732	2112	msedge.exe	86
PID 2112 wrote to memory of 1248	2112	msedge.exe	87
PID 2112 wrote to memory of 1248	2112	msedge.exe	87
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88
PID 2112 wrote to memory of 4220	2112	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://elink.pritiinternational.com/vtrack?clientid=183984&ul=UVAEBwxWGAEZRlZdAg5RGVVQXlJXWHhHEUBaBQdeDhsFDF9NEkJLSU0C&ml=XFQGAwVTGAEZDAYBHw==&sl=JhhzT2AxGGIoYU9UDwpWXBlJQlxMXVFdEFdDCANGC1oIAl5NBV9aSQE=&pp=0&ga=utm_source%3DNetcore%26utm_campaign%3D20%2Bjan%26utm_medium%3DEmail%26utm_content%3D&fl=DBBEQ0ZYSx4VR1pFCgpWQ1JLXlRMXVddBV4fBQ1fTVYHF1MPCVdCUB4=&ext=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e6ef46f8,0x7ff9e6ef4708,0x7ff9e6ef4718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,419754571706159499,7696198825967454709,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:3352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
60KB

MD5
b145c1357eb028397bff7a38098b910a

SHA1
ff905aa566aa5054c622d31c1beaf5234e7c2d62

SHA256
682b3f37e4ca680de6afb7647c27793b4c5f16c4d73a816c1265518ead6525d1

SHA512
d799b3be705984f4e725a364b47f1f133eceb0bf02dc1cc94d6652d409c6d11e94a4ecd6e0669c731bafd51e160ff922dab59e7ea408873b4108e0e8524070f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e86753e220b6293bb98044efac1e31d7

SHA1
5d639be1a752435fb87f7c75f60560237b440175

SHA256
1d2b7c82b6e56a4483226a768b31cc424bc08c571ae999399b67473cecf0cf43

SHA512
cc2fecdc5e084b7019209e5568758bdae4c0128309d71b17593854102dd9ca24288b637681f0f7366e4f2da48b5a0bfd3085aaeda3b46e3339b7fc94f6812be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
82a2d82785f6ab309671cf18e9b699ae

SHA1
646735f19f2fec5e824a64e313787ed68c3b2039

SHA256
fbcaf2c3cc4aabd68917a53dac09bc273dfb94c1e62641f48be170a24adda832

SHA512
04eda057ef7c2c5db746e63d23b711b95d860be265df1209a6aa480fb3e411d60568fbc257d93a7adb5cafd7d45d21feb576f362e96e1b48c22fea5b4cfbdf51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5e2117789d2775ad7c2d5ef05597b21

SHA1
b5c9166871b4fa1f0a870a98e3268595dc618232

SHA256
0dea864bb057089c574c3c99d263b2514bda774b9cfa60c35fcf69997a1607df

SHA512
fdfb6fb576b19366bd1c37c3ec8b7d9d449838c8ce8dbc0d38b828c9a968a06e88c4f4f7166a0213fcac26c1dc7df5401ddbc5ad5e609cb5c72207c6311c8b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
961a43687b6ce0a9f734d1229250f7ba

SHA1
a413d5143a75b9c7c55da5f30813e2f5d58e1bee

SHA256
285ce1cd34b014b1fc2e83384c221e7af05d22faaf62d1ad326dcb77c0529e03

SHA512
f6a769ab5ac71e2168dc6b466ab6d92d63f13c32bfe5b4120733935dea329d257fce18e4a62752bce97d1b4830e858beff9e86d54a9d24b2c93b551ca638453f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e4ef54d6328013d6b0ebd65694f117d

SHA1
d70bd06736eba470df483c0fab543480b47d033a

SHA256
d08a0c2a5553d7f7829ebd7bd245842209da4e55e67c844c7b367ed84f9bc44c

SHA512
90c963596146ded910994a8f94d4e3fbaf99af3be31bd405935679abbedb926a7dc351f9ec3e230c387f05aa262109d429a9f4f332a774a0d4ff40805b820cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00ce3cc7241146f334c33eb81537cbc0

SHA1
307b1c49f5a8d233bc2c436966bbc2afce8e62ba

SHA256
a5bd3599b64164041e4623028dc5ee8108d4751e82f245d7698d0c7c411728fb

SHA512
05020aede10a2d5ee15acc69e70b31438cf7f308e2436b84c591c6a2c6a49e9ea5c24308956b807cf6adf053756ec20a048d35bf0d62ab5c4014132b39caabdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
6efd80ab157efd235ee7b395c2cb7073

SHA1
afc0f6cc2b9cb0e7a208e29ee63b73a0af290b15

SHA256
dbe551e4aba23f810e8f37d3d09c82ff1e84f52ca40487f03aa170e6a19c1f5c

SHA512
9f16684bf66091b47d15652ead7538a93b86c4eb4aaef61420bbf452d8260974747f9db9e0801110993970d67ccc87633063dd8c877d42eff78027d12729ce58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595ea1.TMP

Filesize
536B

MD5
53706d00f2b2d6ad1c9fc275bdcc6005

SHA1
e098f28f1cd92a27d3e5007ed5dc51da78c8e29c

SHA256
c60dc670c08c43ee2947d17a498942b12c8984a2f659e42e91d4779f3cc93148

SHA512
4427fa6bdb60de2d2127c243d518d6937c3025cd927572ff154b0e0b3887ecba24297de0aae2ed1732979a3b8b0e65a22d78e02b6149ae821fde107b895c64dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4cf147c28e36a2fe451af3d657f81a8

SHA1
348c6a619d9f2b578bd17935e68fc8eb3611d767

SHA256
88082c69e8424d814ad79536157e0980fc81d91967db39442377fe3bbc9d08df

SHA512
e26b809de79bfdee7ec4b87d6f1b1795a5498b99abb8b52c975315e3bdda16dc2a9dedb2791a25a6712d00a08aa96df85a516078cd86487847e82827e78a99a4

Download Submit