818d6ad42f3e392fd415226c37ff05575fa913df3bc9493ea70837afffb9a2ac

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/10/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

agentesla/10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe
Size

237KB
MD5

cd31a92ec2fa4e8f90eb1218f9f85b8c
SHA1

42dceb75f36d061584ceea5f34c7755031278a12
SHA256

10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1
SHA512

445cd8b23deb30e542b4cb4f040c6ca800ded2584f6f6117bc8ad1431997f79d304e6f9df451af27ca55a27fcbf49adc9635d927c81cdd3fb8e5d9223c58a0e8
SSDEEP

3072:9FS5h5B5RGyPBQob8aJPoH0FfIn57N0OUJW:9k5h5B5RTBH4QPoH0FfIX0r

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
5096	msedge.exe
5096	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 5096	1796	10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe	88
PID 1796 wrote to memory of 5096	1796	10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe	88
PID 5096 wrote to memory of 4764	5096	msedge.exe	89
PID 5096 wrote to memory of 4764	5096	msedge.exe	89
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 884	5096	msedge.exe	90
PID 5096 wrote to memory of 2656	5096	msedge.exe	91
PID 5096 wrote to memory of 2656	5096	msedge.exe	91
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92
PID 5096 wrote to memory of 1680	5096	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\agentesla\10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe
"C:\Users\Admin\AppData\Local\Temp\agentesla\10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd46a546f8,0x7ffd46a54708,0x7ffd46a54718
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    3⤵
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    3⤵
    PID:4064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,302476262975523829,1609793365292365215,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2724 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=10b4fa5dd267a1cda86efb0abea33722b911ea6972d113b66af613fd42f6f1d1.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd46a546f8,0x7ffd46a54708,0x7ffd46a54718
    3⤵
    PID:2128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\28573e66-0dc8-4307-b85e-8251324df1ff.tmp

Filesize
6KB

MD5
44ebe985a7f98dcb831df16b8d93a37a

SHA1
f5ed9036a152649412631edb3a34e2ca96b003ee

SHA256
c67cd012fd8ef3344f7ed6517e6f30c278c6351498727f7b95b1a4fd04617cba

SHA512
66330a20afd150307598be645dc421a6b161f38bf80f15005c1165f309e3c1429be4c8dd25fac6e73195f41ba319eab3765e8398f7cc75fd9821809ebdb92574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
3625712c999e9609a4baa0e29bcd6928

SHA1
581feab76b9991b169954bd8f4b9f823794faf0c

SHA256
72d072a1a5b7212a770a76dddbdfb9b7f772b039df1c1ef70375f87bdbc6e1b3

SHA512
98b7c397e2fbfe8901cbec4c5045d6baae678789f36b98ab35f89702290830a301366e70a1b923002de4dcef8eabfb8fb13f5309c22fea0c9926317559e94cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f971bccc7cdfcb3dad4c347b6cc98b8c

SHA1
62ee80ac48f7d4a4dc34d6b5b46e9c7d7bcef33e

SHA256
8a6cc5989ca467257bad519db83c7ac783aad44bd3e8458c30c8d0ae9f05398e

SHA512
33fb875a79d178c1c862e76cf3a86abb4a158316d57f5079b12e31eff9f6c7ee65446c289a44cf08f3c46402476a3b7d256b4b2ad3668b1d5e07ed60580ac99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6602ba89798e147dee4fdf3b98b49d4d

SHA1
9791db7af9293b0978a350c328f226f9d62b8b57

SHA256
03038315568fbe1d5444f80cc21e384341d7cea85b58175b8c4ea98d76f61f7a

SHA512
808a6511fe16df2ef81912115ca3f5181edcfe52301fb5de49929d484b116ad56454e297c97b737e41ba59805e0c041c4d491c5494cdbeec6e6b341c88d90c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1384e57c7826e0a9ea3f5dad161ac82c

SHA1
7248235fe38553cc0ab01bb98a8afa1693c543a7

SHA256
a641b9016ba84fbe1e1709bbc6f0825ad4ef54de5a8b550ca4393909697da976

SHA512
327b8f4846bc7fc96f6bbd5e4a546fe6d785efad7f0a91b149472ebda9c7727bef70e395a5947d48e3d39824c1119c84784dccbd105da3a8ffea2bececf58c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7d2.TMP

Filesize
369B

MD5
880cafaf9ba3bc64291462271282640a

SHA1
fb1ae8c27dd447a51f2720728b9194fd9402d8f5

SHA256
bfa1b8ce44cd02266e751bb8d5e5e10216aa2a36419764ddfc3d7d02f3f38a0b

SHA512
4bf01d7f6630583a2088aceec395526cc9e77880828cc966228546b2c6521116cb01e87d7a68eda705afc3e08c798e03109e09d58e3f5f533e632373dd67b686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4fd3a8b5d349b7b66f7fc4562373d232

SHA1
ca0c67c47559a9db675ce933030547526325041b

SHA256
c1744232af72d7117266618b3e2e96b3db6af7ef4061dda7aa00a318de1d213f

SHA512
32eebe03f2a3c005e1b6b981dcdce708a629113a27e5ae6bbb3b47209af6374fd23757c18538a097d052b369d57990e8bd25d77875404a05108b0e3063fb28d5

Download Submit