hxxps://workspace[.]google[.]com/

Analysis

max time kernel
343s
max time network
397s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
28/12/2023, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://workspace.google.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
5700	msedge.exe
5700	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
1660	msedge.exe
1660	msedge.exe
4076	identity_helper.exe
4076	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe
5700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5700 wrote to memory of 5304	5700	msedge.exe	79
PID 5700 wrote to memory of 5304	5700	msedge.exe	79
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 1124	5700	msedge.exe	80
PID 5700 wrote to memory of 408	5700	msedge.exe	81
PID 5700 wrote to memory of 408	5700	msedge.exe	81
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82
PID 5700 wrote to memory of 2676	5700	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://workspace.google.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7ffac3263cb8,0x7ffac3263cc8,0x7ffac3263cd8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17604993451614240247,163568047112748878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0307d75488a9def144d0373178e421da

SHA1
1e4351dd4a29b6340913848163b4df62628ad06c

SHA256
9e1bd506806510408dcb9d5e1eab6672d905780282361f2b9974ab9a9ed1ab9e

SHA512
993dbb0491352352ca89542922df735fc7b3cc0d14a4790f106c25ee9fd616d0722151d05e045ed5863e56b128c3308a561b958bbf5fe3bb87498e8a6d12a50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
473KB

MD5
db012648feb1b675c843197068b96354

SHA1
f9298331818bddede58c6cbcb651709d2a4e95c3

SHA256
bc0adb7357c17f3e561bcafbba6041d87eb4cab39a3c45a3b9bb4dd112a08d0c

SHA512
0f4a07033ab14a7063e6dc3d1efc4974d89361224444eb57e8bb3ca7404e78bb9e6661440be949b59d79761ca4823aa7174ecd78d69674b6d45a5b6f35e67db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
0764901b3c4c52206a4ea9e4a3d3a10e

SHA1
6fdbf3c6e8f2c4b2422bf7b57907493468f6bba6

SHA256
1e8b44cc1eea683bfe4de7548d70a0d5864386b4d1671d4c995028658d3e0b80

SHA512
0a26ada4d34bb8c922739eea1bbd4d3c30c00fc4545e095cdb914c333cb10105ba690847e290e18d149f07a52d31aacbd3eace6d36651e3adad06b37d83a06a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1b6fd910fb75877d26f3137ea0300395

SHA1
58548b49dc1d92632a1176b90697c737ebe39705

SHA256
db13dd8fa6d7cd28b3a69dbbefd845e02eb8a71fc98ab83f94b6a76629e8a118

SHA512
c3057baa3b6ba3876ee3ea2c2bc52e092cf17075a641a1b21fbed75dadccf7a42f802e035d6f62a96b39a40f7f00295eb9bd7eb11355e6339fa0c849dac96b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
31cb458d4863c0192a236e475f202796

SHA1
7fad73aedd31a91093807ef678bb0e8339e26512

SHA256
56b91e014cae9c024f3dee51c0594918a4f1212ac1960d02abf09d8c98970223

SHA512
714e703a136e5a1363621ce867a467f12d14935ca79a2fd355dc03e3f65bd9b0fdf5b31948b0e81541be3391862d78e8c287a7db97dcc70c0287b0eca46a62c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5bffe22bd50415c7b8fc76a94c4b2a3e

SHA1
a49dd6e58dcccd565f6cc823c983f22e22b76297

SHA256
2b6c32ac8a670fcccf63ad63b04b36bc7dfc56ad21e6f30c055b179bb9c836f4

SHA512
33ca4281c85e8cfa552b75171bdd1ac73d683fbbd297450db743a638cc6d85ffc3f1a749b0d152ff3ea1f8fc0295ec1c6612dad29999e48f281c3e0656a5a2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b1dbe70858e665966605fa1ed2a09623

SHA1
82d4706962d97742c64f825649c8253c375662d6

SHA256
15f2ecd73f7d6f8e03554aafee6d6f80effe9ea5dd0679c089a6d0b8dfc68444

SHA512
e4dc193adc33af5441456ec84255c48752e93f43a2df9eb31615dbc98b754166513abe5e5a11842eb7e6bc36e7a06cb76aed3ddd6b1bea19edd67c107c355b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
18fd6d7935eaada437a252a790c19ccb

SHA1
8843890af8739af63a1880f75c208959dd02f078

SHA256
7c7d754b1385b046bd95757a90deb467ae80899018c543c2ca1f456112ffc6e1

SHA512
00cc1a1a82dcd3f8975a7e20cae28d82c4b36db4547b94ab55f368820650e3ab51b9ee1affb01358a8c5b303eeccf87128a35d7097a44c1af24b684246821ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
83b5948f6e8fa25ef37e51109cabe761

SHA1
743efbe6a20e752eaa0b1c2b192b7396e5d7e586

SHA256
a6732747a60e09c8ba2ca2a620db7828cb13232dd1b4819c315d8db2d5ecc8a7

SHA512
e7272aa74d23687b9d9ba2078d51af8b42efb060ca36dbdcad859c4324e228bda4900832550e0e589a60967703315e4603ab6a0dea693a6b5142f14220c57ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3ca16a1dba5823a75f4b22dd4ff968b9

SHA1
7e16e773014477aace2d9af986c4642b7e0e6295

SHA256
74e475de83fc0c415a9f60e8a78058e99025fa7e49c0c6bb679ca60d34ebd014

SHA512
5a3ce4e14677918e6f66c9b97ccf713b384a2186014ac99d017e86e2fa30fd0fbb893bd5ebe576f6beda69cce65e21a24d1d15de643529bbcfcaa791d41d56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a8cb1a78f6842887cb9e28cd06379dd

SHA1
00d185cefb63d3bb986caab278af754ac99d2af8

SHA256
4092bb36504583f646aa9be8f6c33d226a97e423b1b38de6ef40c8fc7c27092f

SHA512
f4a848eee69115ad12b557658deafd678a50b1c8c0ef1c3a1bb3ec1e26e0615fa43e52c343a2dcdca313088781851e7f4fb5aa1705646b4eb49f7f601145d102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f73dfa9080c74500c1211223fa0038bb

SHA1
c03545a636680b8329cfdf7e60451acbbe7be6e9

SHA256
b92167bc00cf0f5334d819058e61df38bb31a57ed176085a994025e62b864dab

SHA512
645d6afd6bac077e9faba3fb98523242abf33288909750dba71b5091695a206930a60b39805b08714adcd779c0235842f816c8e580e34da0359e48248fe88ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ace84d2f56d99d6b3318537be8d125b

SHA1
7af20fccd1505637d77a87fec53a4fd8a6f4583b

SHA256
db39a394c432581c6cf5b2d164407cb27af4d998bdf437ca43be05714dd95aa6

SHA512
4317898393123fde58a8604cf19d1156c21e67af8fb152c05a41ac10ae6e26dfd88b856c058a64f57d47be023d7530980f7caeb359e7ffd60a59b83fb3ab0a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
1f7ffbc9f34d5cee842ed0063f50c81a

SHA1
eae152132fbaf1c50cf2d7609935c8599d0e4bef

SHA256
dd7065be15eaef4fc96ac8c5f7e8945bacbaf6b5d255ff36d4aad2c637f1de0e

SHA512
3616d5d73a4a5cc31beea45b21b77530b1099f7e3acfe64ef5ad93d1010fe3a5bfa55657d522eea791b82b00916b11bd5a4ade6403201b844fe3908b10f49f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
a9b06c80f25cb820be656da0dcf60c90

SHA1
ca12d7c5598270ceda0aa7c3d690ec9fb9ddaefc

SHA256
d7cccd8161c58f892155b3c3b6c1ac6bcce7a98d98e7ac55cfde32b6c6d2c380

SHA512
daf731e84b80d620910d0f97ef5f46ff9824b17292e61a71cf19cd14138aae3a02520dd3998c7f37967a4aa23d116c48c8281d8777edbd46d74dbb0a03e0b575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34ecf2e7b3380dfadec52aaac421dffe

SHA1
9461a79ec96fe0f81fc0dcfe9507399e3817a417

SHA256
f0f27f855987744de8c3d73b8a7258bf5e3966d220a8b04185de9217aef1b877

SHA512
853580f7bdcf66aeb1ba66c08a5e6c304321468efa602e4f3cfd956058a081c476db41b6f5678c8d1f711d440b039e1aa6ef3744eca964e69d5fcc39d8e5bdc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d3c510fac850f3fa3dc68a21c0616edc

SHA1
18c31e4a961eedbf4343ba4b257b1c19fd001989

SHA256
75f82a03a811adc5652c81a597f283d392c2f6d3e6767b66d549a12519ffeea8

SHA512
63567a69143c9b21b8c4887b769f54c9992e989fc0d736da118dc6096822f741828b405b3458e6f8b45795cd7055d353dbdfef43ac3f35fa3e4eacadff5aa73f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
866B

MD5
035fb4c8612e45c16e280451ec1f65d0

SHA1
09cbaf7a7d1775b06058c3618a406277fdfa2da3

SHA256
265477d4cdfa09134b5a9c527c853b4678dd208b762284ac600ef67b12bb2f13

SHA512
b34e6bf1614b1aecb30d559327c24c5a9ff4ebbe5ec67e10737d9c215090d87826e81996b0daea03b6ebf5a8b2e5fa696f7fd9f48ae6eb3fc113280aab5f5eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
8298c7acdee10e904e04d041c6b96dcd

SHA1
acf4312ea340cc604b0df7e378066dfbd86ab036

SHA256
16f5619c5eca68cf3fa2a755d98b3fb5ff84e8911a3b18bdeb62138745eb7f10

SHA512
94db376164b5ce7632ea9304cddad955ddd6a1351c9c0cdd088f4e39cf0b6201b3704d51b81b123fb2ab534425b749f70c81efa34c4462df7b6268bcc2c8b89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a2348.TMP

Filesize
203B

MD5
e0006f3a51f30cb5b498f4694583ba85

SHA1
c5dd6c0dbe5ab962e55a75a036bd5f5a8169c2a0

SHA256
83d157639b8125a42928151ddfa80d19a4eddc01bbf2413cbb16ba93e471188f

SHA512
7b2ba7be5d5379e74c8658a5cac79638d1bf08b5f0c6a2c315d7feab4c55c341aeb42af3ae3d23a708f4ef9abd81c9a558058f59bc10f3dd64fe718ec5fc6718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
0b6267b631a17a6de54bd8bbe6766fd3

SHA1
48b50b01114c193fa1414a02ebcba08f75fdd39f

SHA256
6f51867c721e443f17a483bacea84d7dfae0d60257a14779d203cc057cc99cc0

SHA512
7476a2a35b239b92555eacaafb9f250c38f835a4e0b5b765273b5eea68eca736a88d79d967da8fed9f586d3611ab56a89e99ed97e25a6b48a14d0fe768e81208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
93be7e51072cf2eb33eb0d11adee60a3

SHA1
95649c0c492a8ddf4fe5d3828f9180a137ee14cf

SHA256
41917d07bfb7ae9dacd8af2c30bfdfb980bc0aa1d49abe427baeb3c89951ba94

SHA512
6f8f34c9b28fce1bccd358883799fafba9be51b89e35de998de902601ce26fe860ffdb73177090a9270fab02c18c30d686ecace98547c55e6ab693f3b97e3b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1cac27feb91c721272a91882d6fac02f

SHA1
46fe6ef40abd4a54633c0d4918c566ee2eb9c7ab

SHA256
087e97fa21234f74bc246860f57283746397e666f6a7d223b6226cd5b829a1af

SHA512
ecf3874570588ad33a8ed28baa21622437888932c154512728f1ff2131b0a8f780bbf58c0abb98feb5a231e8c28f4e507f54ae378841ed6300f88ae04b64646b

Download Submit