818d6ad42f3e392fd415226c37ff05575fa913df3bc9493ea70837afffb9a2ac

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2024 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agentesla/0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe
Size

166KB
MD5

c4b5ba9636a769f2233050b9b7a73a86
SHA1

cd4dd2e842bd734be82ac1a409e7dff915f72311
SHA256

0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f
SHA512

f645465170d789d35770bbe6dcac4dfdac45b6efd9d13260de287abddc54dfdbdf3750c1320d2ec1079aae3eee103e402be197aad71681844ee4a73453c4a1f2
SSDEEP

3072:6BW5XE2Q5a+DYnL8kuEh2ntyH96GhZSAS0ZUjDOD:WW1ZL8l42nK/ZfS6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3656	msedge.exe
3656	msedge.exe
3776	msedge.exe
3776	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe
3776 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exemsedge.exe

description	pid	process	target process
PID 2544 wrote to memory of 3776	2544	0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe	msedge.exe
PID 2544 wrote to memory of 3776	2544	0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe	msedge.exe
PID 3776 wrote to memory of 3632	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 3632	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 824	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 3656	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 3656	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe
PID 3776 wrote to memory of 752	3776	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\agentesla\0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe
"C:\Users\Admin\AppData\Local\Temp\agentesla\0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3bd46f8,0x7ffaf3bd4708,0x7ffaf3bd4718
3⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
3⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
3⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
3⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
3⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
3⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
3⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
3⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
3⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
3⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
3⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
3⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
3⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3219488470470626248,4275978851604382800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0d558324d41e1186934cf86814f31bbfc9cf376476f9d274f093a6e72f1dc99f.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf3bd46f8,0x7ffaf3bd4708,0x7ffaf3bd4718
3⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\16902554-3ad4-4663-bb21-b3a5f1a8c300.tmp

Filesize
6KB

MD5
ed9598817d6a90661911c4f38e9fac36

SHA1
3b3e87ed5013cc8265f80696581ff55a152b464d

SHA256
30598f6b57defb1e73db6ea1b54f3bb05d35959bf5a26545c0df150f0b34e412

SHA512
42fee64134888b1f24c40b5cd91be9dea6bfd290a4bc9790bd11d5182b1c67da9eccf129ca3bf631b039831940252088268c9ae73c59c02ccb8f207d688ac6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
62e654dba197a6694c02effd5148f8d8

SHA1
1da4c53c80fd2f69f4bfb786274f25cea6c2ff38

SHA256
9497bacf6ef69621e30f9051d26e88806baee8681a9f5a25d33f8a12b7c0f9ad

SHA512
bd5f49b92a1e9b347e35dfcb3cd1526d3c1ceefb9a2e29ebe933426573e03abf575bfa69ee9fb45fcf2877b4f4aa5d2208120a7810328590ab9246673e1174a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c84828e51a375994fe522dd7a017ff35

SHA1
f01fa3f7695bf893bbe4db05cf18b5211bbf7420

SHA256
4132da92925b014d40d84a7ab85574db21076f55dac092fc853d54c1b2d954b1

SHA512
613cb3e9d1b8faf619ce14564ac68cbb758705cc6b52a2aee6bc82008bd940d9b1f395ca076216210677410be83e3e8b8ca2e6399e1c5da57ae387eec9fa7918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86eca413faf3c7c9dbb57b99354a2344

SHA1
1981a2a7fa40e8979195d4cc31b8600e19a99912

SHA256
7c3c93ee5c41e6597457080ced8c42ebabfc963878a3995fa2e9c3baac7727af

SHA512
91202578c911d702cdc66eaf8efeafaa1915b4f1df29da01b825ca0c5ba66984439d7178ccbb0b6b67ac406d68750a8021d8f642efe52c0a94ef729bf85df66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
369B

MD5
f6928159125da454418d895fd80e0edd

SHA1
634e165677cf3c83cc8c5f48fafbbfd2ebe87592

SHA256
f273d45f68c6a8eacf6bfa5b97d97d12f54213c618f723eb8ec5f718cbf531e7

SHA512
828d5246d49454304af731b7b254daa7e93c593ebef657f3190b4a836f2e670c95dcf28bd2ce1ce69ba52239477166a7cf344903cbb9ba18b098583f555f39e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582bfd.TMP

Filesize
371B

MD5
21fc4ce7a53c1b29de67439abbe15011

SHA1
30b28697b19c226c57ee4d83128a31624904dd5c

SHA256
f7092d47251c8d36b611833e304c83d079cbb581b23a1236faa0bf6689a83117

SHA512
9d2ca8b7b812558a770aca489e44ded89cad27a3b0773bb1e48949ff075fa12bfc696e6229964af9c42a24d504062d1d2b457e26a5f6657fd4d223efebe7cd49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c693ac4faa47c2f30a2f86e4fb019d5

SHA1
44b677196ec69d957c9835812487f56e526513ef

SHA256
62ec6b0c88fb0f8f4308571455e24c5d214e5df48d47a8a62bfa05448a665a8e

SHA512
c5d2a95d232051884a2dd16806a1915f23c795a6b6e6a7f69b40a2fa00b19817a7d0aef8849450e68120ae16e0eb05a0fd7ae71fdf7ab9c222a15ed00f75307c

Download Submit
\??\pipe\LOCAL\crashpad_3776_EKYNUYEOBLLAGBES

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit