818d6ad42f3e392fd415226c37ff05575fa913df3bc9493ea70837afffb9a2ac

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agentesla/00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe
Size

234KB
MD5

b772ba158b117ed888c6806ec8e1c982
SHA1

76a72cea71589e6452671a8b537e30b1af3d7f01
SHA256

00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b
SHA512

67a9dc5983e290f2b6e7d50b949e8e8bea1fe43bc446615c125aa9749149e974c87fc1ffd55d1de6f52e8ec177b1191356cffef7bb9ecf56d2c05890ada96358
SSDEEP

3072:fDZmyuyGLY/EsbHKHpBTkPajL5C0IDQH:fDZmyuyGLY/EsbHKJBbjNIU

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
1404	msedge.exe
1404	msedge.exe
1468	identity_helper.exe
1468	identity_helper.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1404	1256	00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe	92
PID 1256 wrote to memory of 1404	1256	00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe	92
PID 1404 wrote to memory of 2608	1404	msedge.exe	93
PID 1404 wrote to memory of 2608	1404	msedge.exe	93
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 1880	1404	msedge.exe	94
PID 1404 wrote to memory of 4152	1404	msedge.exe	95
PID 1404 wrote to memory of 4152	1404	msedge.exe	95
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96
PID 1404 wrote to memory of 1584	1404	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\agentesla\00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe
"C:\Users\Admin\AppData\Local\Temp\agentesla\00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986d646f8,0x7ff986d64708,0x7ff986d64718
    3⤵
    PID:2608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    3⤵
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
    3⤵
    PID:2628
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
    3⤵
    PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,35844140587814002,1060443231153776682,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=00c0a561a336fa0fff7f424c06c32ba0034970f890715693f8c58115ac45912b.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff986d646f8,0x7ff986d64708,0x7ff986d64718
    3⤵
    PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4496c2849c31aaa8f1aee201b5e42e24

SHA1
b5129946b86b23157a6bff2da316b8be594d592e

SHA256
faf79d83f77e2d1c6dda8f873ba3261e9c774e092554151469f384316a7a9925

SHA512
20701776fe8341a79724844d1eec9618e7f46c1e3bce38d802e485469143c317e9cc3e0b6e4b60b7a3af79c25c788650d5439cbfb276e983aa818187d028baca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da314ec8dc15cbd2b9a281acd9dfb65f

SHA1
522d891444d97641ddcd96cc93ea5cc49c221318

SHA256
c689658ee5fceb0a1ed2b8e44a19a1899bd6a297177b05c608c0fd009e31ec26

SHA512
6cafb3f00e48c03464ee706093003debf16f2e4c24964f142efa2028e9150a276b96b97284ea0efbc4bb321ce36038e554e72a9320557dfa9045a7116b848da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
661f9281a21b37090a988b3f12701fbd

SHA1
7064ca63b422d9bd4c3f85f313f1dada03f71b5a

SHA256
8176606d4814c1a7b72c7352d7aa4e7c71e68d2b8a59f7a84d303af1639b5579

SHA512
0305a766194649cf4814e0066d6f7dba42eabace6065224628f8a902c8791d190209616ad1edf8b12b461989cffa45b370cc8149d38a55d08270bd6885b75fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fd6652bf17e7839b40a5d847bc6a851

SHA1
136e09e33b79ba91d8bb5f5ba0225f08ddcdaa5d

SHA256
33341dd76b00742a12305f3a8ca5c6ea39ecbb846c3999c0ebfa0f30a785e9a1

SHA512
c1df15c42e0ea1b87b54fc75584edfa20a50ee05b62191525d2ac33f1930403e7740aac9a429c1dec7666ed2add16ff16f40d472c61b67d082b79947fcad7b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8bdcaec53cf81c47c7d0250e4c1ec79b

SHA1
72afdc46231f0c7be270ddbe251aaa2f44c8a9bd

SHA256
87efd1f348d247c1c5c041f185771f6a2535f23bd13e0042dacacbb3bf1b8843

SHA512
bdc2d55eb53606eedf978f2ea5f5a3a5bc70cdca012b453aeae6814d731b513980aae502718c156c44df640ebf88e37b6458bb3195ec11e64fc42678f871f27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e7d.TMP

Filesize
371B

MD5
ae3f308844f29f0d0f0252ce85a5ff4b

SHA1
d84834be00637929cfe9bc3bea43d84846344841

SHA256
dc3012f5c40d6c6fff5335921c5eeddb3994693017f1d22b4b8d9c7447f947b3

SHA512
9e3ea42a40427874ddaeac4f0e77b569def3378b46a195d75d6cc03886f185f4ea6986870dfe81098fb9ea73248c1943f310b2af7257b1ff3ea2a7180f0be80b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
621bc9227dfe2eb689f01cb06f24e8a7

SHA1
b73b6f9a966d38f405836aec740d04e41999aa7c

SHA256
88fdbdfa7458a5f2364f977d9e7f245427d4e5affa42e7b29bcb76ef81a20dbb

SHA512
85c78366c956c43da34322f7d04f9b6fcba59c2139d38efa2e7d8e10c3de8550f94ab58f674db0e0803d2ff2a0357b6880358a459293692ad772ab87e1821a57

Download Submit