818d6ad42f3e392fd415226c37ff05575fa913df3bc9493ea70837afffb9a2ac

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agentesla/08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe
Size

216KB
MD5

596932a4b7dc0747282dee53618160af
SHA1

b06cef1a56cd259f22bd4a34e88f0f2d9da9d3d6
SHA256

08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5
SHA512

cbf86e1fd4e7dc8b2a65cf1c8f41542901509e3993b7b2d3bd6d3ab6b16a8abdeb703ff2d9f636a3ffe5b7174ea7cbad2a3c2d9bbafe728731fd6c9640a177ee
SSDEEP

6144:XTaYQMMO9U3w7h3wjuVHEmeGSMsBKbG1U:XTaYQMlwy3wjuVHEmeGQJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1212	msedge.exe
1212	msedge.exe
2068	msedge.exe
2068	msedge.exe
2500	identity_helper.exe
2500	identity_helper.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe
2068 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exemsedge.exe

description	pid	process	target process
PID 3784 wrote to memory of 2068	3784	08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe	msedge.exe
PID 3784 wrote to memory of 2068	3784	08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe	msedge.exe
PID 2068 wrote to memory of 3456	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 3456	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1220	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1212	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 1212	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe
PID 2068 wrote to memory of 2368	2068	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\agentesla\08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe
"C:\Users\Admin\AppData\Local\Temp\agentesla\08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffac7246f8,0x7fffac724708,0x7fffac724718
3⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
3⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
3⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
3⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
3⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
3⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
3⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
3⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
3⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
3⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
3⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
3⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
3⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5532226623797181975,11174244757311022692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=08bcd543875afc446c8fb959a0b46e3c33a59cd813816490c57085f3952a55f5.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffac7246f8,0x7fffac724708,0x7fffac724718
3⤵
PID:5268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
7a66d355b9d501b3dcc7d5495a258619

SHA1
9ef10f9acc258be05684318f14fc6ba84134e86c

SHA256
72b21f7333534c6ea1d067b4e975a4ac0b8886f2f9493217b8402b1bf5235ddb

SHA512
e66fcabfdbe6f99607186c58cfa4e4dc8d3df9c35ea7068231152260a09ca7b19cfa8479cfc4310016d0caebd125a5aca391b892f9c0e811c3e8017b1a735ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d76c47aff5e159a09a63c69f4a00128

SHA1
aa99452cf27a789830e208e05a9e2666dd13d4bc

SHA256
23d45b00d552c67f276ecd18d2ecba9be7bdd94aa6f56ce8abb90966942b0b2c

SHA512
ee1405636767fa204ec6d4619250e1bbff686ce9857fbf39a3a44d133658c99e473a471af897677b0d8b1814ec570e5d78de73ee24f8ed3d77696bcfcd7c73cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7367359cbead661b60fc9a656f85f497

SHA1
5cf7ed0508658ad39a31301331b28fd660536d03

SHA256
52030f00206d8512a34e6444a73cdd7a3767f0dd4d32ed34921bddb14e320045

SHA512
b3edf54c5632ed4fb8ade8c8e38c4138f650f3176196a8e4dde885545e0167d15a1364b860ef59c9c4becbf261faaa3f90a7ab1c682ec1f7271184a6ba192071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ae6a25aa1cb9a85cf6d1a62a251b555

SHA1
47cf01bade3f2ad5bbe651a88d5a618cf1d50f5f

SHA256
5c294b8ea577d66383faf8b1d875e0449263696ad2dad69f464e0791cabc206e

SHA512
807b761243d78c7975239c6d395766a3c2f25f2259e427f640d7b5ed04f409b81f8e86596d5fe339a334a5ad5e2d8b1529e934582f506c6856029e38eb472283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
de32c86ef0e3cab5631ec36ac370d48b

SHA1
139d569d78cbfa7643c8783e71700b782d9fe2c6

SHA256
a118a66c5937759e66db6b84d3cf5f59fa99768021218f8a30d5ee713247eaf9

SHA512
5a65e115dffa79dd058610ac67f741dd5861b2061432446b995858030d9e6a363f1ed14f1db4537209a85eea717ef6819ba0fc396ba28cbf6be5d09ea6e96f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
77496567573500e39ffd9b8d936e6932

SHA1
e4fe051597f0b033d78febcfdbd610eba6480669

SHA256
ee5d369e12c81cc6883add7f8dfe455963a5fdcbbde896df09af4f6d1bde7a21

SHA512
516012d8319278bfdd776f9a6cc612c99980e91c41f182c9bee3c854e0dcbb8b5ac5bca62ae4bc035ed4c06f758e7760cd0bdfbdeb4984b2396149aaaaf0d3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583275.TMP

Filesize
371B

MD5
041a8b19d5ee93f3ef52f81130a4fe8d

SHA1
c29804ead45f55ec4b74cb32a4965993c5624366

SHA256
3d454d5540e4363344d43a4892ba6e31436b1d820866f87b0c6543263fa08f04

SHA512
739bf730fdb91d0ab51f2415a276c02ec5e25c2d044e80fdb49108fce4b9797f01428cc6c6062944633374e9202b94a296c09c8ded588c202053422442b227a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb564bdef85995f42255e23c7883d1ce

SHA1
cd6683ccd7425d2da9ee8e2023f570e8333774be

SHA256
2785a275fb2eff66c49ce0fdb0fa5a6bf8f5fb23704c80b74146883a4f394b9e

SHA512
01db4dde2000e688c02bfab756e6db5eab67207d4d56bd3cb326a4e4c3a367d48b44e6d3661191f41ac54551c80419c0168127ffd9e6cdbfc59fcbb313850773

Download Submit
\??\pipe\LOCAL\crashpad_2068_XAJPNMVUXPGOKLCW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit