hxxp://www[.]elautonomo[.]es

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2023, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.elautonomo.es

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4460	msedge.exe
4460	msedge.exe
832	identity_helper.exe
832	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 1980	4460	msedge.exe	72
PID 4460 wrote to memory of 1980	4460	msedge.exe	72
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 780	4460	msedge.exe	86
PID 4460 wrote to memory of 4724	4460	msedge.exe	85
PID 4460 wrote to memory of 4724	4460	msedge.exe	85
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87
PID 4460 wrote to memory of 3480	4460	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.elautonomo.es
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa743f46f8,0x7ffa743f4708,0x7ffa743f4718
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10470515973041845308,1841231634590589850,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
cd367b096ad4c1cbceab141d5f3a2672

SHA1
d67c08f7509b207cb2033390934380722765cdfa

SHA256
9905fc5e994b27c570017d251766aa1679c4269a6927b9c18b0437fbc14419d4

SHA512
6ad32538aa4ae9258d5f68691eb3548994e32c825a47fa9df2741a3cf30f1eef9ea02c73db13e4571b58bae3452c90b92e201e78e922f9992d37555d95dc0630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f91f5f103582f16865857c12fba06902

SHA1
41e918a2dc250bee8d8e2e4af4bcd348ce75d74a

SHA256
8a71b4d3bb711c4ff25d123fae3ef987fe8e5ad67313f784dab71e60655e15f4

SHA512
e195aefdf74377921d83d6829e01226b2974996d53dd7f2a8bda3db5de42f62b20919742f1b2804be2a4e815948ea8dc49ee50aa1542131dc1f408a728decaed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7247352282ba35e26cf9b10ec8845f8b

SHA1
7619f90495dca24629339b8710bc218e1ffb8b21

SHA256
ab4fa12e9faea15594511b4c1249f39506e47d8bb4349e3cf2b693a49d206ea4

SHA512
5ddf1081b293f2e1d984511f8bfcde486f4f42a90aaa993c410704f41ac97016c1980009382ad50f03f1f1459f1481e14b5815cbcd8645173396a062692ad9e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a48d1e09b873b02c10b32f047ae902f0

SHA1
1032b20029965cda8a95ae8ef6d176726c98c289

SHA256
fcf397cbe361311ad8e662258ffe077ed65ea45652a2b7aa945781e760af7fd6

SHA512
0e1fc88425f00f481aa913de00ccc689eff2ca5e0973b541fa8bebbfd6103a4d9f8c7b09c88e7a12cd96e8337baa56311119cbf5b9889701380f86230e1c6eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a871c373929c479762f0b663873c6318

SHA1
769e316b1b2fd0a6a6bf92cc4e73d197546cf7b8

SHA256
f69a1ff3441884e76d6dcd009151521a1f161361943cc90a9eb08bde2e8809fb

SHA512
c66070bd8c5fd0ecb89001b5538822b75048ef38e2b1bb44e8b1c7497c239abe9373dc7beea7cdc69211d26cc8d9308a5a0cbffd0d5cadf9b9f74e9b7156946e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1686a0df094cf7a049ade0b8e4fcc86

SHA1
c9e585e0033a92e2a37741454c1a1e224d804993

SHA256
73e9ad4621ff705f23debd9bc5164a1bde57fda7c97d7c4ce28f90842cb9e251

SHA512
eab44267d0fed091cd7d92bbd80f7fa551cf1e470d119fc072ac2f91f1ac02b720ce0a8a895252fdc310a5c25c86c3f60c01c0ae49d36d49a312f6be050b0cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1f2a16708179d5bcceb9a3a1b4c89ef

SHA1
35651b0fbd8bc3609047cb3bb2100b62a842a337

SHA256
18aed90e088bf8bc8f7a919b2582a84a6b469099bb80a914c54f376330855c71

SHA512
5f2da430e993007d336947c843b0250b1e221564c52805c3825ee2d72a9f2b1f2c92a5198d3cbb0b1e699b0b1eee1fa3b124451e4dc26f184adecb42652de546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe57c61f.TMP

Filesize
99B

MD5
b5bb43d8da44e01c2e5dcf57fa6cc2e3

SHA1
91b85120856eca2b69045ebd7f1d53960005949a

SHA256
7daf62105ffbb689cac6bb9731dd400368ae1d2f072bcdef218e46eb5f2920ca

SHA512
4f62eba62fe1aee03f505570c5e9c3c8a438cfcb16a3c083dad4f26caf3dc5a8e4cdcdae207d492e44015af82c21830f5484f7ebfcb05218cfc85eeea3455d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
53b23acf01394c42f34b360ac935948b

SHA1
1819edc0e14cf9aa4cfca00eaec0e35737532c1b

SHA256
153524539c2f6b02faef7c3d949aa77d663b2d2366ab1247789f094ce6d3eddd

SHA512
93a4e982807314efebc51395600e40c75b1064c91cabc2a430e334b975cc8b9c5e78cecff1f6e98f237d315c8f0dada77db27a7160f5cb63819051b0c27a3f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea7f.TMP

Filesize
372B

MD5
aea23dc1bd964beadb55dd4164e89957

SHA1
29bac6cd1bf55d549ad83fc2ca8d7519a02cdb42

SHA256
bfd0058d8d0d93c09a20981c9c50a93e76f2b93a90e2861cb9dd04a91d2601d3

SHA512
1dc12959211f834e40aafb0762494d4cf2145041136467da65907109818b525e0a6d446f20ef7d5ed5628369c100a5ba051a74b67f2c882746397b918059808e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5fb43c25478c8501d844ac6ef9ecfa2b

SHA1
864170c042f620747743062646ec5b3dbcafaa9f

SHA256
fa230a7f0f1d7525f0c552a3fb9c5e7d14be7cc1ee2b667356d5ef40d8278be9

SHA512
4bfdf04204b8d720d31e86d5d22410a25800f643f8058fa0b9db8c22f1cf15a3821ac66068543eec84f48fef7039066556c1c1b842489b264ad649af16e365af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dc060e5aa4856b7b4b0288c006a55716

SHA1
f961e13ec5726a6b25f0eb88b76e128aedf49269

SHA256
6099d3b40ec74e6fb3312223e8a2b7e3457d81e21400cb1e9cc10bbfaa9b8f7c

SHA512
e36628210f3a8a8352af0c1edea476a0ca8a0bd2af14955574f39e1dd0576d5197118a4c16458ba1b95f390e8c5d4280b302abaef8cb0f3ff6d27e5a25a41915

Download Submit