hxxps://vx-underground[.]org/Samples/Families/AgentTesla?view=grid

Resubmissions

20/03/2025, 10:23

250320-me9bdszyfs 7

20/03/2025, 10:19

20/03/2025, 09:58

20/03/2025, 08:24

20/03/2025, 08:16

20/03/2025, 08:11

20/03/2025, 08:06

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vx-underground.org/Samples/Families/AgentTesla?view=grid

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 11 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_277735279\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_277735279\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_1074414063\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_1074414063\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_1074414063\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4432_277735279\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869396163416291"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{30CDF8E8-9AF3-4F8E-9503-BF5C25C0D3D8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 2636	4432	msedge.exe	85
PID 4432 wrote to memory of 2636	4432	msedge.exe	85
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 1704	4432	msedge.exe	88
PID 4432 wrote to memory of 1704	4432	msedge.exe	88
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5800	4432	msedge.exe	87
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89
PID 4432 wrote to memory of 5532	4432	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://vx-underground.org/Samples/Families/AgentTesla?view=grid
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffd37a4f208,0x7ffd37a4f214,0x7ffd37a4f220
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1768,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2616,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4844,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5116,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6456,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,6537035253120851133,13473883180475657346,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4432_1074414063\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4432_277735279\manifest.json

Filesize
118B

MD5
395a738237cb5606743da99d5459bd59

SHA1
53a2e376dbba8020189b4d629d1ce452c43abc42

SHA256
6a15b2c0969575a4ae419e8b0eedc7c5515c8ae3dd73771e431e484689684aac

SHA512
0ac1112218d23328eb3cccf777c9bf7b0c31b71387fc620d0f91fec73994661021524ae66d8b81f26d1d7f4df8ac60c12f7852c72c65030d0c106a0ba773a8bb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4432_589040292\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2f1d9719435eb0c570d50fd16d5f4d5f

SHA1
54335a8c91180790cf63dd37e3367170330173ce

SHA256
625c58d4450ba05a1d8e4bd765037c6061947ed1d39f4c07ad958ba19c1284da

SHA512
0612a6d69ef8e8b2537c36204871c1662c27950087e1e11d813ec253d46c144eeb21e71cff560bc30e4aa70b52c3fb556a94eb06527aeb40b060aa12fd003d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c265.TMP

Filesize
3KB

MD5
36e441166bc590106b5f9a44b96d7c2b

SHA1
c2fe711f001e66d1a66fdde7bbedb112493bfe06

SHA256
ccb0939945a9324b82e4351eb03a216334eb65731906f96b62f9eae17543ef72

SHA512
6d5ef00061f1e01c9fc1b4d115eda6c7de1aa141bb78b60982a7eb98dab19ccd446ef557d5b8ddf0e0a6c4fffa1da79eb7faf09178ed8222cd16e2090458b773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7809a353a483ba301be3948237e4bda1

SHA1
759ed36df9ab4bec459183ba227bffd1f879c0a4

SHA256
13ccb1c914987d2069e98fcfc593d47160f37010d80d2ba1ad7f11cbc920b1c4

SHA512
dd18ae004b7bced3f23620d52ede5df16acdeb4fb88ec639cb1a4d86ae9ea19d8e0e34e2c03e4386ea7afd385fefc1053a13c393d740d788007db0b457a4203d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3a07ad07b0041059be8f0071a2170d0a

SHA1
2049b4e9e77e2d37cb6506b24c0504a209b3f7e0

SHA256
042b69a5ac936bd1b141d2802920da78197512d76d41b8b02ea92924b01fabf9

SHA512
287a3d9fc63a8ca53086d0a10c21d9ac302d139a26af3fa21419ea0bde72f5cc8837039a996455593b1778b2aec010f462053d3703ae55c8db35cf3dbe7c7bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
74d4c8d2d80f4f85d582c2fa01cf63f1

SHA1
b42b8ddb952ad89a48532607a65a70bfaafda08f

SHA256
f635510fd491425050cffa9fea422d09ff9534630ae3ede8a6e445be702c85df

SHA512
2f30b9deef6662c1d09b2cd46cd1f6924d956ce4ff1771ed72f6c5e1d6bcb59d944d868fb119c94434104d95d66f80c8aedc0226df5e17eeb22b0e1835dd65a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
e113d4c537ae2d4d9026aef8438b4db7

SHA1
3bcdabe2e50eac5cd2a53a0caf1b2acb64c55e1e

SHA256
b21bd3d271a02536ae77e9d7434e756c97c4115b4eb81bcc1d8f94c77605fae0

SHA512
914ae76eed7fe64234048a705145033073f3b781ac340cc54b26282a7facbfad9b33a192fe9c81f22cdea4356959ad799cce499a51ee96f570c3c67507c8f78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
a8ba657bb58c776a03948dde49a0ea91

SHA1
39e0da1d6ce68abe444601f72803e644f8948230

SHA256
a13878d49e7c97d4bb43b361b7c749c7b6bb2002c7f561c3b2c7106d399d063a

SHA512
a4edf22930cc88e8c917f6121f84fd28d7429655fa095b8698c411e66cfb98248ce92fb2c7933727dfcb29057140644d3b8a7fb8ff4c2ac33182343eea0bcfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
a7d5d52fe921dd1274cff7c915ba1c69

SHA1
a27d3569d5beab10a21e1374c7c8a05fe7e2e501

SHA256
d3bb97ddfce34bd545f99654db641d33d6df9d09853d34fd7e7967fa92e3d01c

SHA512
718b257c50c8730ca3b4b42ac59814f921c8c52176318dff066d9e5c22d537d8f588427aca7b187b08a836519a061598d4d17aaa96ccc96a75672e4d2e8d5555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
138f9c01288337794273ae56556e8888

SHA1
597aa59e88bff36815f3aa2f5671201f5fad36b7

SHA256
a01b97895864f1ebdd7dac273c2c981ff3f6e0513a5dc0dfb6f2b4de600ea22f

SHA512
ea6367baddf44c081933f4e481c6a770c5bda31ed43da7dd9dbf295894e03a32125d53fcc0ac604675cb5121545407e97f9e03025dd2595e8deea93866bc98f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
fdb808e084ca102cf370f5e7c912f09b

SHA1
40f5b7f49c8ed3c022206438370fade41129c86f

SHA256
1da170ec74c8c256e97d0264ead6a909d9635827fdb5fdc2ce8e14591388bbe0

SHA512
65412241af1a67024349b88d260dd9d1440daeced8a456cf11298ff1d3fd6e79dd8753ff74f93a356d53b696bbf2af2c4f9e91142279dd7abb2052ce73dd6c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
07e1658518e7beeca0e944cfc38c5aaa

SHA1
7a4ad940494c5e18751c3a74c70077c3bc857ce8

SHA256
dc0e254eb6eede02fe13f147430eba86ce8dde4c1329fe2aba34971dc068153b

SHA512
43b8afc697ac40631e5119cd782163c70b74b0f437d367d5ba1a99bd68f2ec56197b821ccafb301d11030ca7208a16cc8f9008baa0b58b08acfd87b10fe54dda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
56b04acc42a907c26203fd7d1c58b5de

SHA1
9cbefa278c44815ba6a08d39d365b5473f5a4c25

SHA256
ed63a6b5924a4efa1928d8787b3ed07585265d830c1ab1922aca38b81bac0b00

SHA512
ae1ec629f9d1309cca23b90908493fa2e0ed1de6e25c4ad6e3d76ba35896fb92062c13801c726c8ad260fe33b48d8293069daaa997e83ec599d514112dcec7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
4dbece3d508179e2e1477dd354381e07

SHA1
da04a3e891d3d9e22e1625c72214b20dcfdcf4d4

SHA256
d4f5ff1258d1d4404c5bacca8c082278a363455b71488a839af71a2c1c55895c

SHA512
62286be41ef793d442b62c546cc1ff13678fc687d261c68399f1d2334963409a0bae6fd451f0fc12f963a49014c4c298bf0baff78604d559629821ce7508816f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
27f4b5ae4a3acca80acfd18133aab009

SHA1
9c4d242e07aa078b2a56ee4ff5b1623ade03156a

SHA256
3a9712cf7fd3a458da01efc9b4e7b87cfbceb75e5a19da7b1fe2f97dfd98c5a8

SHA512
bb0d21678c584c5cd65b0c8265f10de617d2a54a713be99ae1247566ef53cf1d173df50eaa60e85a286a8ee7cc06c74887e91c4261790deab07122daf544de05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1175e2e79bea786e979ab5bfe465b9fc

SHA1
3f6f4fb39b2d93a8c8b90afc50edb8ae2a48a477

SHA256
b45d8ff08c9de03e355555f2e36c4849ef2086ed4b68987b53622576dff9b8a9

SHA512
b1919352cbab6796844ef78f786146dce6f84d28a37ca20d789feba9ec3a5d8f98b443c190607fc1301b864a1f4190b0be824e59a70dca9d124a98001abca086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
67590bd540815c16f3347fb6c4736b18

SHA1
42a7359c6cd795703acc114fe8f6f340ec440271

SHA256
afbcc7ebea586cc4faaa1d842015f32232822efbbb965f0c82904d03a60f88ab

SHA512
46cc8d843ffeeeba916b805017af55130fdb5a65d82d91a45fd7b8ed4f1b9015e550ef2ebaad0ca6e59c17f326037a38405a1412c0a95a0c53a72100467efc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
efe5a97ec9f5d98057d23f83f3d94cac

SHA1
47425b897bd04edeaf1774d907f5015166974e3e

SHA256
f67ea679ecb2e29ccc4cb6b8e8d98d5f2c9bfd0430711a3868e9bbe122410fee

SHA512
4a4599a835fc9c57db2d5e9b7ca3ec3b1cffff9e9893c3651c50df743c688f571aeb23dc93535d094a9b4d79302deda68c3f17e3a1827560babe0900ce828b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
38468246b63ba0aa34decc29ba80df10

SHA1
59da6653392d1b42bb790849909759b439d01c51

SHA256
282241cd48c4c2f6d7eb9b20472dd1ee53f5d7b4d55bd064e732fc5494541240

SHA512
8299834199fa9bf7e2f7714996bc6d56f397a4c6d63f05449602535945f75a3c302e6921bbf0484354733a5149a77bb59662347bd39cbe8ddbff70dc6b976938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
45c9dbaf5409bcc5ede2ee8c7ba39db6

SHA1
bf1a17e66df125e6c4708d061e7995dedadb11da

SHA256
0442be687e90a900547c999e1512ccbbb401685c516c4b2627090b191c10421a

SHA512
cda65be1db6ee7a857262fec70951146fbb9ca97dd0d8bf59077f9111d76d60b09ccf641d15c91fab5162edffae60775ec6affb0888c222ddb2712c68d7f1396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a4c459446f16180440d7912b2a806976

SHA1
111009d2a399cc2a2b4df8df3de10685a8eed414

SHA256
c488707181dc392a95c5de6f4332afd755a7c850fb8836fee5e72c01c8e6870f

SHA512
04bc8f09f442222b89a0d2b5f66d19e8126e192a9a3d635a7ee05d884cffad0c79f702bb745f1586925c23668ab6ae60fa3424bbff6552b78c2e0e1471ead3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57e34b.TMP

Filesize
392B

MD5
f1afdccaa3745bec01bc5631d0280b82

SHA1
5b3467b00c7d7131c3ff18a021bd8d0252bb8caa

SHA256
80c0f9a0985a7466ba5b6aa23899185bea693bad3c91fea2efe9cecfd0b72fe7

SHA512
ae3b208713d484f48328439c4a1b415cc089b7d285efdead06d02fa23b18c3cae3d06a12ff5b4812e25f911a598493678bf82c8040e9e987ab613bf350fffa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.20.1\typosquatting_list.pb

Filesize
638KB

MD5
da8609745ded15c07f9b3b42a794f1bf

SHA1
6f51794da7f06ce1e79ea3e42a22f67d068525bc

SHA256
7dd01720dc53471b5cfb185a9b1e39be94a095c53e5dc8a295818e425ca265c6

SHA512
a04bd2845bd6df19cd59eb6d62be863ceffca5841f8c878c289364418a89e4b0f1efa4224f3fb0d10a010ce73a23a60e81e6d7437ec27da3541f085e22ac938b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
3e1516d97639451cf23cde24d770d2f6

SHA1
68ca8415fefb693c3ea09ff0ea61d3c119ad3734

SHA256
4e3fddcc4f3361e69a94cc99bc42f40df797076125fc51eb729966ed4c870b68

SHA512
31b40f589573ded0c133e3a72a309bdde586df0f904faf83f7fdd80d538b570d984f73ab1ecb7bc8de336e6451b3889cf8f76fc7e5f528f55e8d3264782d19cf

Download Submit