hxxps://us[.]docworkspace[.]com/d/sIJeT7NXWAdGA_7UG

Analysis

max time kernel
94s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240802-es
resource tags

arch:x64arch:x86image:win10v2004-20240802-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19/08/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://us.docworkspace.com/d/sIJeT7NXWAdGA_7UG

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 791383.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
4392	msedge.exe
4392	msedge.exe
2696	identity_helper.exe
2696	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 2692	4392	msedge.exe	84
PID 4392 wrote to memory of 2692	4392	msedge.exe	84
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 5044	4392	msedge.exe	85
PID 4392 wrote to memory of 3204	4392	msedge.exe	86
PID 4392 wrote to memory of 3204	4392	msedge.exe	86
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87
PID 4392 wrote to memory of 1684	4392	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://us.docworkspace.com/d/sIJeT7NXWAdGA_7UG
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbacf46f8,0x7ffcbacf4708,0x7ffcbacf4718
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13484660996845516631,5921363177082309653,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a2dfc16b5a31b519425bf31911cdc800

SHA1
e68c006fd6ea4c0acd52b600aa6790dda667cf2b

SHA256
e291387a2d6500e71fa97740d0d50775a3e5ecc2c0f363a7d9c0893e855e4565

SHA512
bf034b51eed9756b073bd20278385c6d5c522b1f9b05a43e0123532091c31a34472891628109df41ec7eca943bdfb1428f3f20e8ecbaa0f823af573af01cd300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
4eefc5739935733b17a41ce6fd174b1a

SHA1
cc11a65f5bc0b6ac5005c84febf10194ced43aed

SHA256
b97b6df1d6937443ec08753af95c775411082e670b89a0714e0fcff59c455ff0

SHA512
2069c88b7185b476b6829abb70e1218bcc59a97b0b71c8a64941d2fde6c9c384ece51cdc13f7446a215d512a0bdf653ceb5257521b7abeca98362cad0b46aeb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9f53292105d23cc5e4ce78364fc987b5

SHA1
bf881c655af3e87737f9e5aa18cfe60fd8b1f6d5

SHA256
b1249a1cb4f63a4e25fc9119c39104f1231d52520e6eaa418a0a56b2b119bc6e

SHA512
13cab525677a44c7e332ce80ebb6d2af8d26f9bdb755b5289e3a493a32cdec63188a4112fef46895003dd5cf6f0af1ef23c5a8532004b2c5c600dddef3b9ef43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70751c7f88d4c698b69c05896feb45bc

SHA1
b36e87d47ff377165ab1d73f639170e0c01290bb

SHA256
96f0cfa3568a72fc3b52fa07fbcde5089e34d91b42d2d92dd605b28a4c267573

SHA512
a92a2476193a0b66298d071f5c6d7b1507aa04afe2c1e3e2fe88c18bb4bce1cbe3c0603201c1184c35fd6d91e4491f0796e6527a101cb87e43997c5b224517cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
56390ff7ee2b76de866addc9f1da9e9d

SHA1
6dd93459a96b09756050da758bcabe0a46b5cb7e

SHA256
25e80a341ddba4886e976329d8c011be8c98184c923b6c928d4a6bc2fe4f0dfd

SHA512
7c9aac57502282be3b57eabf1be103e92b2abf5b6ad8ab5e38e8ce6e56c7725101bb74f77854b4a10964f65015fa9b9b261bcfc16d0d008eadefc6648c3eba9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cc67049f997939696e0fc0ad0b11f7e9

SHA1
a18086a4367a9977bc8d36bfb88516fc33ab9b78

SHA256
6fb85429c0da7e3676c57c3497c5915d594fefb0bd46b1cc23e30f74c246a563

SHA512
47d1bb4eb73ad95be7877104f0fdfbfb1af8a43d3f480fd763e2fc6767937f1644c518e4481c35b0efd53dc33d5c6720fd62d4df91615137d0928489c59b0419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
badc1e1b74853bb9e45b3f2acdc03457

SHA1
581aa418fad4508c535477a6c64497a746670a26

SHA256
2111dd1b2118131a12ad6c396bf89dfd005299fb76268ea862e2a3ffeff1e2f7

SHA512
827fc8054ddaa2656e38cb1111decd7d30b125a05d250109f0e4e1cb079bf684ad71ab3db7d441fbbc268fee799f1e1a1de249404ef46780e18c02bb56f58bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b9889e4d62f6c0ce8b3f181a45287a0

SHA1
6e6be970528e96855dc9e397649defe694315537

SHA256
5ba27f721aa7c48727aaddccdc3ff6370d9cae6e184a2dc88212b66b834494c5

SHA512
321817d8244608a3d68ce5b1672b4adac6af328adb4060f38b557510953b159fa2cc5cfa0aa7ccfe76f46ecd042e66e4ca0f9e32ac5de1f024f1f021dd99497a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\74eaa770a6c6130d1fafd104ea3f3bb65c690b9d\8bcfb6c9-2280-4dd2-9dbd-ec38ace4065e\index-dir\the-real-index

Filesize
672B

MD5
f9e13429a9301a2eb0ad22d45878c632

SHA1
77c75646818afc4efae124e445846abc03d7be8e

SHA256
e9569507199959914a06e2dd72161773ad286a56d28974dfea2799007d4e355a

SHA512
71612ecc336a521a3b1bf450a792c630700dcedb126c9774e67d0337c91eadf4262e89f4ea10e8dd56aeb48af20eb3ea4779bbe81f45faddd1288b4cf8b52d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\74eaa770a6c6130d1fafd104ea3f3bb65c690b9d\8bcfb6c9-2280-4dd2-9dbd-ec38ace4065e\index-dir\the-real-index~RFe58948a.TMP

Filesize
48B

MD5
9299d0f979782a4c7915c0c496d0c1c4

SHA1
a687607bade521e7e0609ad8536acc939a95d7a1

SHA256
5571a68edf66a89efea190cbd7be561076c5e928b9a43aeb41becb0e678ca47b

SHA512
b40f3ddfba0c68901c600af09d11717539e3a056d7507fa0b2aace12f460bbc799ca900bc831d13f5946878fd076fe5f36a79f699ea4deca61173fdff3c3e527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\74eaa770a6c6130d1fafd104ea3f3bb65c690b9d\index.txt

Filesize
117B

MD5
664d71b6e2f447896abbee43c69e9423

SHA1
bd9733b6374789710b4ab3f94c95019c6edce861

SHA256
c1844ffb6d6fcd6a6d7de2b0a035a4dc15133da74eb80295e8d4fda9455ba39b

SHA512
1d0971b49bac5a2cf0df010747af78dbe77354538f134307c7147fdb1e61cb889637e9042205b2d858060bdfdcf18dc2b249d8fbbbb0414fa3978accfbe98f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\74eaa770a6c6130d1fafd104ea3f3bb65c690b9d\index.txt~RFe58e2e9.TMP

Filesize
121B

MD5
b196f1b5e582c1e3966e4780e6a251ca

SHA1
54f2fc664dcdaad577130e0c4de151819e7f2335

SHA256
c78aef0cf989ca4869c7e4f10ac5846ffb48c05d51d84bed8c051837d756166c

SHA512
393ef3d0a373158ca87a28b840f768da083a3083b006e0f2979326500834e110843eaddd357c26b9adc542dccdae93da0ad08ad1783b33198084be6a59a13a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3f189ff6be222b423631348d188fb941

SHA1
a93916be87338ce0543019a327b17c1cbee760db

SHA256
057256220b254989a291fbec83439b76cff34271dd2ab2c9f9e3ac25370f8ac5

SHA512
70d7e6df2b97d00bb4b69b731e6bca1e8f1e7fe165b6ce46af55086b604c1dd16066833e318cb7ac7725bde5f5800750997afb2875eb35819493e38815f38a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e2ca.TMP

Filesize
48B

MD5
822ee31105c1468488f43d837731d4ff

SHA1
d033c8136b691e4cfb578f10e5a2d624234b4a3a

SHA256
3b21cc07c7d7a3a399588dc46a8a1b9f86fac923ef06fe197b9447867fb8cd2e

SHA512
fb49e2d282af0b56a76e7c3bd24fdd483bf39fa385bd42c68919792e46db2ba2c5629d5c1e6d79ea38853baf330a2f966f5787e0b49385cb3ff0d49a1295dc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
71f7d17eef03ccfb8aa8c0ffee595ad1

SHA1
8861a59ac92cd8591847fb08dfd98a3b056dad18

SHA256
3579b9324c08893b17ce7e72158b1e0112c7dbed935b09582bcd33efef61579b

SHA512
1a12b9051d0038b87a8043bc4e19504a8fe0ee25ca458f11b1cf6e5db670a978150b7277fd6bb88a7e580581a22e70363f283b5e6fe12a82c95dfc4493306d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
6a87e720af150c31caaf0810ed3e6fc3

SHA1
f15bd51e1dca848a16db26bf553d5078613eae1c

SHA256
9f92ee140db371f3662626ae7607c5d17481c5c4bf1d5a14aefa95cc9d8b2dcf

SHA512
de33ce4f76f567dc15a235ed3cde6328b97cc05dcd777169e9b0dfcd39e54b0e0210e4f9af43d0c7282a668d5a6b4230e7c0d035b176b54939706b2b1101edc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813d1.TMP

Filesize
203B

MD5
6c8459f0dc8fd78cd036f8df299f69c6

SHA1
06a7531e56ad9ca8413e25f88bda7e0da57f108c

SHA256
9f10aa58d1eb30a64f892f78fd3768d8ed45fa23c3d20938138560b57e5648c7

SHA512
21f313714582bf374ff33189b13bae8362e492b193e7d720be791cc2d4020c5dc09c8be88b4d4097b67c7a024aa3cdb50ebb5207e2e30be6d23f285ef50db19e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e18776b448a0437b606fd2afa6b0ab6f

SHA1
37d0ddfffb6e0013a5feb884b2bdea3907f1a2b0

SHA256
b0f6c47fbc48e306efb78c0240b264f9b31e587502fa330040a13df0d873537c

SHA512
e2422368fcb38a0193da0077446f8685b436f7435b10174437e4da52b7c7ddd1127fc54b38d1aaf47979eeed0189b0dcc3ad045887a249b1b69c48434568e368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
818ad236da9527ff518bf741533d7ff2

SHA1
532d920041cb936c4a3404d21435d45cd441feaf

SHA256
4346f3119c80e23934abb0a98d5c8f4a264113d351816adacaef0444ca109ba4

SHA512
65d30c65a6f400f6810ecc893de304c0313aaba1fe042ae240a72ef56c346957feaa9d6b48b4f05ed0a4b9f3c72ac9b1c08ba380e3d25eb86fba78dd26978b3f

Download Submit