818d6ad42f3e392fd415226c37ff05575fa913df3bc9493ea70837afffb9a2ac

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agentesla/0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe
Size

238KB
MD5

8bf24d729bb8ee07098958a26e8e74a6
SHA1

1fa5a97780cdd18a23585e05e073b0f39c0e744d
SHA256

0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce
SHA512

932b38be5d7ea3dcf0012a5643f06be7ea19b4f736781bfdb08441fa521337445d2bd86b44c4ea4036bd5415c5fef1a0cbe0984f3d0f8fbc9aea3ac509bb6dde
SSDEEP

3072:dtx5f7HLPsTVGZs2zgKT+diH5G0Fl0CM5:R5f7HLPsTVGZs2zf6difFl3

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2252	msedge.exe
2252	msedge.exe
1696	msedge.exe
1696	msedge.exe
2268	identity_helper.exe
2268	identity_helper.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 1696	4396	0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe	96
PID 4396 wrote to memory of 1696	4396	0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe	96
PID 1696 wrote to memory of 4416	1696	msedge.exe	97
PID 1696 wrote to memory of 4416	1696	msedge.exe	97
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 4880	1696	msedge.exe	98
PID 1696 wrote to memory of 2252	1696	msedge.exe	99
PID 1696 wrote to memory of 2252	1696	msedge.exe	99
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100
PID 1696 wrote to memory of 3268	1696	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\agentesla\0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe
"C:\Users\Admin\AppData\Local\Temp\agentesla\0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffd565d46f8,0x7ffd565d4708,0x7ffd565d4718
    3⤵
    PID:4416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
    3⤵
    PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:1288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,5112537744340464321,6960381018861281445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0ac34ce3065de2dac257227088c89592b8ae4e61706a0c1598870ac8eef835ce.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:5324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd565d46f8,0x7ffd565d4708,0x7ffd565d4718
    3⤵
    PID:5340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8070d347eb2660cc29bc93ea88b8ae7b

SHA1
4a0c46fa6f7bdc194623a4f4e03990c536dd4ce4

SHA256
c48b227f09080781bc0d75a542e74090fb6c6ae3b95798bbdd2850b80e141d63

SHA512
83499f4635a7fbe3ebfcedfa899a304c114f91f8fda054ee98a2c012d33a0aea72560741ac40d35e80689f60b382e304187b03112508a6c57f99652a997241b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0844600080836e537679fc1b0cb8e46d

SHA1
69def54a79fff87fa05b13238375ad8a64355575

SHA256
7903e9cefcc97f84bef083aa08eb754d831edddeae7c9fb1d8bf48deac82aa00

SHA512
5cad46e2d7f1c06501224149eefe9b340177857767809fcc6b2aeee56d3e6516b553d05a77aeda18b808528883c42555d8683f5df7633602160577792c467fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1114a3dce6000bfc043fb568ee95d02c

SHA1
7ea7a9e081b4fba8f2a7968e74ffa1f106511d0e

SHA256
31648a14d5a9459fa386e62ed9ae80654216487add807552fd64db3fbe9b342a

SHA512
6a7a97d2b960038808e96ddf23f47955c2a9ef1bca0c9e7d89551b5c021d222f142c86925049c841899e67134b8a8e5240de07d83e29fd2fd1b3893be48f663e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c0d25a43158bd95406fe9461c5185be

SHA1
777404a9afe6e38aceb8c796fd4c4bb40a7b7262

SHA256
769d20a7565833e092c150aae2abf826719eeeb237e9e33221b5a4e47b25200a

SHA512
7d68e2f9dd707361020a9cbe7b5614a71815ad558dbf461d0a1795c4701c08434eacf6e42e58991fedfaf3eb950d8423a1e1a473b47756f96a84bcbee184a040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
d9d3a768ed0c9872e39a8e035b21d2e4

SHA1
caa8706533b4da1b4653c056c05f34439e740d86

SHA256
b2508378f9529f5cf1bcdbd6da0c4117af10ad74499dd5679f63df3db0ed9141

SHA512
116f38e35e76ebc4f5fa38e70d418ca7afdeacf432f870b3f5c413f8247469520d1902c0b4a03f92cfea5bb24ba1746a4bd782c51661ce769d79cb3a2ec05db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
37c88b87f83c619572dfb2864b26a5d9

SHA1
7440780079709cf88c43de7ee4af5c5cb595e2cc

SHA256
5b5b064cea95386629d7933ba5b2b5e6c700ce28910e3d9975d63a689835753e

SHA512
3e4efb4b6105cd06600d216751640fadd54bf3e4f9c762d4ae5a3e2c097a3360f21e4690e9d3dfeab7873a90cece0eefb693eec6838648f5add023e0266efad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5838ce.TMP

Filesize
371B

MD5
be0318d206fcd67cfc6750399946952b

SHA1
3a5bfdefbc7d230bb983589ae79801f8885ff65c

SHA256
a400cb22d07c891944ce0209f6bf469bd6d9bf86223ee1c3798a9abc116ccfe3

SHA512
6e13ed2010c86049a13d23de219b521c2c4212c97ba873f15280524e195518d8fe9526cbdd95b75fe991c317251385604779bee93e7cfd0c249f3eb42a632937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d96a21a31dc21a8f07ed5c652425728

SHA1
bbb9a69da57a9c03ea05fa5134c75a8a6c31e32b

SHA256
0ac221ca4a9907a4564c4d027f8cfa5375dc8411a0b463c3999c7f925d21ef76

SHA512
2a9ad181a24761115fc08e1d99490cda4a43de7e857831d7c449b2383d5e5bb7da3ed43589af130fc5705702602219999fc8ea69a56c11da69f1a320194a7b0c

Download Submit