hxxps://hurlurl[.]com/wXNIl

Analysis

max time kernel
44s
max time network
45s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hurlurl.com/wXNIl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4888	msedge.exe
4888	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2788	identity_helper.exe
2788	identity_helper.exe
1240	msedge.exe
1240	msedge.exe
2380	msedge.exe
2380	msedge.exe
3576	identity_helper.exe
3576	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2444 wrote to memory of 928	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 928	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 316	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 4888	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 4888	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe
PID 2444 wrote to memory of 3188	2444	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/wXNIl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
2⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f50a091b253172037dd77531196b8e6a

SHA1
7b7f973390d1ca3ab838fbadd952031b92cf2f2c

SHA256
518fbb4abc9695517fc23bc4e93b866318f41deef16b265c3d3d11e3a4855225

SHA512
0f650bbaa413b1a4bed72de2420104e9d032e47bd3a06e8a7c9b93d24ff1770d1dd9775d09931410da99e6c77ec5c5f0982dec6fcbd77d4939f413aeee447856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
8b7813baec8c0400fd5bd7081fad0065

SHA1
01d2804c90b363488bffca2a0739436ca81f1ae3

SHA256
e5d062cda39bde70c4566b2a77c22ff040f78cb1e75b1f4d5486db5526818816

SHA512
709231784fa32393d14b9e5a2ae6514cf5f275b927d079cf1fb3c169d5cd2dbc23bcc9bd4fc4501604f6b0e1e1a4891111d9d1de7341ed96d40cf131ca8d0ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
a86e40ca8716f538758a18264e528742

SHA1
bbb98ef6768cd3cc938deaa8adf759fbcba7c575

SHA256
eb4b35d407c9e22d386b521d5f911659803c1a6278e65319e9a2233b314a626d

SHA512
5a16050538805e5d72a397ed2332887b75cac7157ad68f8635774fd66a8276cf6e894701ba5f35adf12662aa10fa3f8d243fe620a658b11fb31caf579dadb064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
fd238d7647c8ef59bf091e0e99d1f79e

SHA1
3320358a34c84eb77e4acfa8a03cf0d1b5e527c3

SHA256
7fa4b42485f714a64aa373ef5e55d3ec8fc60a752d672e57923e3430856c7c32

SHA512
f4d319f2b6470d4c4e924a6d58a26c994725734eee70008e235ca9d0cb15cd603292a0a8d8422e4fdd0b8d321e6e6f6e48f76a97b2719e706881a35d81be48bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
0e244b56046f1c7237f11ad752779880

SHA1
ad796236e31460ab4a935206424637441b85e752

SHA256
369214ea3283352446fdc25499f7cd5c3884947b44c122b770fe5791cf4d40da

SHA512
966d4f8be0f557458548569403c66cdb4fd78281dcbcd1c37254a098a89162283aae1570026eacdc96de85e44080652485139c9e9bb3446dfaad065c79293ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
dbcf2d641aa490475609f9e4393b5086

SHA1
a6c7f5c99d93308f1be25409b3495b2bdd794140

SHA256
2ba1b6f5500bea830146353d0880c369aaee5c3f891aa632ccb376c4b2499568

SHA512
93ab00c1098d8dd480428bdd427aa89860ece786a24b7ed10fe2c2237faabfbf9ac71061de40fcd55bba7117a0116ddf11e1f91ed6e5692e00e70ee39d6a1729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
a3a9228e24dea6bc536fec553285422d

SHA1
535023b98c252e0c436d3032d6c70aa19b1d2a64

SHA256
ad1eafe044190202660a18cf8c605322c0697e7861053d6bd9c2c897e58af6b6

SHA512
154e1de4da3bd2aac6e10fdf6f01a02d8a970b66eafe87f4ce75bf8586cbcff2af81be64f54dd56d4d64ae785cf2158adc6130e2dbd07f0f3c2128b2a914c9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor-journal
Filesize
12KB

MD5
a37065b98b4a9c6014cfef3f68d5188c

SHA1
79f060fdfa1c6a25a6def671f22fb8bbc0ad1929

SHA256
a58f348aec387f3b78c52685178788974a4de7cff05693ecb51b5646d848bb24

SHA512
cd2b7404b264297daa7e0798ffc71b12916e7c3983bb519b082043a19d332dfb7b716b09a75eb6d3101e5b5ec25acd6efc1dd15ec128ada1a45418b6b7b9eb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4b8d58017816ec4d1228a0e3f183bf92

SHA1
b1f758954daf70816a384d47293b5c02f669fb38

SHA256
5a6692758863c01644bd511dc97095a53d97f66878d1cb42d2ccfc0673b3e264

SHA512
5316eb36fb0c1d1ed6e0a730d6e016d3aa52c7c08eeb6d75b558061f41a4681d35ccce720fff084b01fe4c59330e78a61949befaa6ffebf2167694b3b963b0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fb3548a462b114e4c9c925d16b834b89

SHA1
0d5b9d0fe52710d51ba3bdb9415e453da1668479

SHA256
5e625f8d1e1aa1ba31ace137db33983af2b76839b64b6f26bde60dab2ac78f8d

SHA512
ed0d2a20457fc39e37093bf2e90e0567e5e15c423d13ec6395341739cade724e6461e9123ebdaf776d8e562bf96bdf1b0cbf0a076c4d0007b5390575bd132498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d5e7061ae29e35db41f45e924b0ef3b1

SHA1
ca23958d6662c61cd41e81d81048986dab4c69c0

SHA256
c6568008baddfe8be83481ca30c5339a775548f900ccb24c0dd84db317f8bf1e

SHA512
8f0dc35e0816b253929379590757c130bcf77648707715a5eebabcb2fcdd0abf7ebfafdd25201eafc302cfe966ae3939460c24e4714b2e77864303db202a0910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
389d9a5f560a1ef6e5b090145bda0e9d

SHA1
5099cd5ce4e94d5a03a6beb47a9a8262f6450774

SHA256
db008da4c080f555888908fc641c57bc72e846d7f3ab99594e9b7349dd8d94ff

SHA512
39962e4c7b4a1de3f30c9c8477213bd08bde333a21ab314e50f8044ab99dfe3b5337b83b86e987d482bbcc3c3824631de567eae67beb8ed43e88450072a87097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps
Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
0a3ed96705c9c92dc798340409ec676f

SHA1
c9fd479cb605d15effe8184e94e26412e1e3dfb1

SHA256
130907248a84fe3d3a4f178d301fd65849ac4bfc783c900e6e02a9868fdb8716

SHA512
35f89f07cfde4b7abe184f1b3fb55bd227c536d6a85b481c272f4eed20f6366e93c15d1dac413023eec2b2e3c8654739ac0556f1466abec05731145abf28b995

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364171482093034
Filesize
2KB

MD5
4e28e026dc241ee2ea2f0b11802247c8

SHA1
c4db6d04da328fdc573b9723ddc522c38b88b94c

SHA256
45ea3aa615248ab1ea1286923f4cd55342217cb26ca05438bdfff47d842ccc90

SHA512
89484ddaff040f2ecdc04955b8e852dbf0a7cb168ceff4bf52c0c299aed5baea830c1f6afb6d5c3debc542e90181afe28997fab843a98dc58a40dc6c24472076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364171482310034
Filesize
2KB

MD5
812bb1dcc00fc48b6cb15cadb60fd8fe

SHA1
9266273bb6817067258a2df34449f59c53884876

SHA256
e49cf8893b8babba2fd27a6020a196e03ff3cd779de01b09d443e483e1430986

SHA512
58b23e3b173f74d1183a918d5be8e35a4a42b86f051abf8f359a6e077a705299e5334cf146b2cb0dd7f96184340c164b5771042d710eb9ea85253c47a337d1b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts
Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
100B

MD5
91dfbe95e4474f439f39a2c76cc39224

SHA1
0dd2a38d03fa5aca9cf7b2e092865433ef330e86

SHA256
fec2e2bc558e3d8e46bf10f6f2eac7fa381ed98be3e397308194d5af4f646e82

SHA512
27c9feceaea12671dca5b955f43777c1b9523ab188fb1b08af724f48bec8d0e56c3a46b3399e7f6819e0bd4d37b8b48fd99a4d5e5578a9cff5e365bd6b0873dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
cbadb096c426576393be1de7ff663565

SHA1
284d75ee567e583554544927feb6474438b29895

SHA256
2ae6efe7ab70b5dd0a655dbfb34413ffbd66cb3691e063a8d978f27fa5aa5ed1

SHA512
64ca0c80a70fed572a1a105283c2617cf6b6876d2ff403c7921d1f1fcbb6cf988b81f075a08229daa66bac1e8356207cb0641f0db77aa82a431e698461115ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
320B

MD5
cd86b02417eb83553865b9d3c161c35f

SHA1
f5b3001508c7b01d6d687cd5f008cf2403a78273

SHA256
b2fdcd81305757256e2b87a975d8c5f88bc8f85bf4bd4b59bc6da3f9dc663674

SHA512
4b1370e85ab5ae358a6edf648a8d05aa6bcb37b550dee36e64c19871ebc4a6f264ab339ed80fb4f7b9b596cead3acbb4130986b7bb87a939ce7e555e395a7129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG
Filesize
139B

MD5
30f4741568f1c3beec0b53ba668a401c

SHA1
958b5a4c1a942132676b823a6e84a9bad29c06cf

SHA256
dde6e28f8361445441c785d37b01f2be85b6a46e607a05908f493e4e860813ee

SHA512
a107b75c290fc60fd210e2fc30b8be398ddeae7ecd1a0fb9082fbf76d006bf20c964518ba8521189955a46c1135d08eec7e7412e0303cc8701c928491d911663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
b6e42424190bc52c6f78175c538585c6

SHA1
3d4f39ff0f29ed2d540da8740358ccb6ecf5f173

SHA256
f376dd0cfeae08c53768e53cde4cb4f2a2b51e970812190e1c181141eaabeac2

SHA512
c9e6fe9c86bcff8ca196b371c390a4c783d19efe85eb2cabed080038e64ec6372461574684e9d6b149bdc6147631fc29084647b31c96372c871684dace1c3afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
a51422a3ed442e105cffd0453b728cd8

SHA1
02dea0a69114c167ddd0168939b9b54065a42647

SHA256
1c9bd0680fb4dffed0c2ef3c1965e3a7201b24a5da46c8c07864348f23ff60be

SHA512
5b408186760707c723c69a876b6e5a8bf56ec52f3dac6986a10ca81dab9edaa5f0704ef8839b61dba7a6d7125ca92c2824304eb1b010a6766e01184b2c79ac0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
ee68f64c1f735ff7f53cc021ae7f801d

SHA1
f2aa9a8142929b0892f6ccb18a348f1fd2e0830e

SHA256
e20d037e25aa0e6044451c8147363065fa0d6bd8dcafe9be56bbeac7fb4cfa9b

SHA512
7cd4735d6b8e8b06c1274a6b18fe63e74967ca3ec11dff33a77d93fdb4c958a9522aa0ad7c2c438405d92f809e3f7b39cb26a9341b27657229e74a083c59bdd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
ab7f2f8f728ab1a519ff95e6af07c963

SHA1
e6ce97351653d327edb286b552c5faa7b4fb20c6

SHA256
76cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d

SHA512
cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
9ec6e75936b4910e0c500ac041058379

SHA1
4d8769dc15fcf10edaecbaae0ac9610c36b3f035

SHA256
96c34aee25b48229c26a66fc82aba298e96c3df5f8ed4f61ae869d0add82bbc1

SHA512
e238535619d462a13883131c175d25e6617d9e56898ae7ab50191ed1b85d791378d171c99ec2a6d52e63f7a740f95d20fbbef0c96e1ec9185480722e2f12dfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
d39ec3a9995856ed3b918d4d7d93c5cd

SHA1
1c26aab3dbe4768810b4e456711103f717d2be55

SHA256
f02b76bd3a46ee55e4d81c5f0f3d6d80c955cb83800ed54fed5ee04acee23fba

SHA512
2c83a7ad1db660aa80aa995dd516f5f389c1cd6d82547dce6b0293e26725d8a8d14b5fd91f3e89185106ca78ec44f544ac9c120654c650293efa5156a7de5df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
bfcf7d374e72bb401f9ad9f18d5e1d87

SHA1
81d6e30f618a6d140634249c5c4c785087d4f45f

SHA256
386dcd49bbdc28dd733c4fb15d41280f4c6113c33f3b01f1f2570a7a20a97e02

SHA512
424692c318720a0136236354e5ef0947f2a90583f958090cb0f00bfc91d24cc9e3d0bf592a571473c92137236d545bbfd81c7f035ba15c512bb002e0a588e7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
57bb74ffea227cdf6b1798f353661501

SHA1
bca63401a6af797100db12bdaae42adc0cc67f01

SHA256
b3fc6239c9360a3e52e80de2b9904a935f934197847b8fdddd9efe1272a74bef

SHA512
18b61e750cab2fcf82841fa6b26f9954a3cfbbb96e19d09d1d650f4c8a541fe3814717904a73cd5cf6e09424f0b8d85f7ffa83c0e40f149c1761807bf3885488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
8b5009cd59f3e20f3a0d268e3ab6bce1

SHA1
d8628ff666f6e06dd0ba2d83e2ffc0d976a6c652

SHA256
cee7e3382eeab771c51f63235ad6828687ab5dda730da57e4d9d92c4a2162caf

SHA512
939800f3eced5cb0088c0d671182ab8ebd1b32817613d6a17018fdbaa8f497875e744346a4e48d7bb36d3c6540f35e749f6b8bbf25f00fed73b4dc9139b857dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
86cb077b27c632dac6ab69f881b7b0d5

SHA1
887ad39e71bc9a0b3c9ab6536e7594ce43368f7f

SHA256
b7badf708bb7d851e678223b08a3b1192d3e6acc17d93fddcbb175da1f3f814b

SHA512
6eef8dc22c070423b9beb043eac4016d569d19fc6a39f1ad7ce9a245712fb6359fc92124adf67adac4eaccfeae8b5c1fbed807aaae0c147fae18f64751924437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f00239191e16f23b17db5ae05d242c76

SHA1
9b1494bd84ddb3dee18262406b349bfc93750411

SHA256
29729761c3ea79447b00c282b2b1c0dc6fd94bd55c1c648b484360bc48285eae

SHA512
ecf0a24f17596bb1eb0e8dd8723e2f4434c6e706d41708542c6c5d7c7233dfbf7e13e37ecfa34d665810c4cbbe574a29038f75cd33db7d2aca1b05dade6b3230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
4B

MD5
50daa3bb26c21c90f2ec9e1945145dc3

SHA1
8bd3cee8ffe66d3e6c90ab53a709ef86f11655b8

SHA256
d79207b9e7299bddf3f665413e83f037de86578be19a9adfd96eb81c4ba099e4

SHA512
66742f5f99d7df91cb764da6acc61f19b068941eb2723516f7b349337deb6dd7650cac5d558b6bf1b1b23b097f0b91313d11fcad90f8c99fc46658fb9fd5f284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
a4e21d89198aa4dc3244327989dc458f

SHA1
0dcdc7e0a07f8495b4c1ea229a8cdc61f813f809

SHA256
73e4dd1dcea2396190337d728feb7bd6bd154ecedc8edc3db904bb56833aeebb

SHA512
d60de049aefb52e0fba48781d5c2b1d838e9ae182d7a4a8a0256f14de16db0a29f5ea7328b932533f8fadcbe9f6e8658a9df270ce2463a2862d2e1081f14d4bb

Download Submit
\??\pipe\LOCAL\crashpad_2444_RITKFQHMABRRJYYB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit