hxxps://hurlurl[.]com/elfAH

Resubmissions

30-06-2024 11:14

240630-ncffzazeqm 10

30-06-2024 10:58

240630-m226lazdnq 10

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hurlurl.com/elfAH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2852 msedge.exe
2852 msedge.exe
3664 msedge.exe
3664 msedge.exe
2196 identity_helper.exe
2196 identity_helper.exe
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
1352 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid process

3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe

pid	process
2852	msedge.exe
2852	msedge.exe
3664	msedge.exe
3664	msedge.exe
2196	identity_helper.exe
2196	identity_helper.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3664 wrote to memory of 2264	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2264	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2976	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2852	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2852	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 2744	3664	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/elfAH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d59846f8,0x7ff8d5984708,0x7ff8d5984718
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
2⤵
PID:2220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2450834153955147017,8403782021325841779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
53870cae88f3cdf28334fea30bae619d

SHA1
9e4bc8f68732a66aa4d229b199aa9483250fe973

SHA256
22aa93427f503892dcc9e0f4d281dfe60efa6445c298054c892e59cee973076d

SHA512
c3b368034dd6762d8344952e92bb900d7ccb461b39a1f7ed33a94885111e102fc63961aed6f1b67b2017ad2b36311e02446028026a9cb51050d9801b7ec09640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
05769d1f23bd3e59b181b17951e560a4

SHA1
327eb7234c10c95d48a46c002c5bd56418af6609

SHA256
f517db75a793e5d9e509b0da69fc42adc404d04f70b6f641af1c7c6cc67d9161

SHA512
39e3d132c0e0fe366c109d532b1e1e0822ae70ae5c2d5aa066a54b9fa7f3d1645a853ad8c4568106dff7cececfff768bd348ab4647165b96bd02fdd7c5afe597

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
d817dabec7e7f561f2d3c9598132715f

SHA1
ab93249192d3a5d10000a12c35cd9617758bd720

SHA256
e4170b4ea9e7c822d23ed4aad042abde323a078d932f9528d79f18d5b17623ad

SHA512
a727dad7af1223db9bbd4e0405dacb797aeb80a1d5441d015e0ed75a43bcf2bdba08297d0bcfd07cea6c24d7bd6ce69c57d08b8ae0deb53e1aec82f766e7defb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
3af1b2a9da6c06d88f9ccbdf05275491

SHA1
f88fa306b1e3c4c113d5c88297f48c984731fb87

SHA256
e09b43c76c8090585a95c6a0e01eb87b5bf2d89014bbcdee20b42565ed9a7167

SHA512
6cb9722dfba0c35877350cc475e40275045328a53b61ad064155643cd9182691e50d7dd91ca755317f5efd671be091c2ed405e5313d34fd345c7f4c64db06dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
786B

MD5
0e308265669c809d38d66c5d7ac4ef5f

SHA1
bc58750d6cbb78e75257699c5dc5bcf58e58b2f8

SHA256
6cda02e06caadc2cc201bc67739511b12920709c43052da15bd2183c7b69a146

SHA512
760b42130e2d9f7f9663962fc00c917d2aceaeb33daeb59bb5ec361ef1c735f6a9e3dfe4c85d380333776164f7857892d1e42d896ca81f0bb15d451e21900808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1f830a0e18686d1ea1a3a9d9a2629b21

SHA1
f01f36ca03e9c29388fdc62413f24813257ed4d8

SHA256
dc170f86219f134ba8a11ce6c01a651c42c94ad1c92fbba120dbfe2b50e227c3

SHA512
c30c6282fbe4e0527f671f0865cda4fbeb692c012b7694c6045afdcc9446d63f81ad4691584e574795db591a3d32c53d5daae4fca7ff60dbefbb7d966a694439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a71ff9373ab3a1f72626f6bd442fc54e

SHA1
223824a05b37edec2ecb76796b2a72c70a41f563

SHA256
9f136d41949d22e2b8440dcf6f00cfe0f0dcf91fba934ab1ea55fd1f2a8a1d03

SHA512
c07078f20b6e0385bd9def99c485875188dfc827b2c1892d284930a7872ed27f41515d9e055c50f605368f5823c747f7c299b36bcc63ad46506c18bf64a982bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
4bd85789ff2bf581a15099453079bda8

SHA1
6c0272314d33f5ee715941de78ffa0a176a7eabe

SHA256
919e27c43d8ffd9f8a46558975013b784f27214f3fb94bd7bf42d34758aa0d84

SHA512
fa6a60439709fd5e1deb6e911dd746298f91381e5f3f3123063e1495d411e0fade9ee824013caa35d29892d435e7c3639a1dea20abe251857052ffeac7b7f268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5dadc733ad7b6525fa66992eb9c3b4d5

SHA1
c3b77a935c3fda7841fd1d847fd7a6ea2c99a909

SHA256
87d4c0772eb6fbc3e125d39bbe1a36aa936f56cec3e419ec955c5da0b3e9167a

SHA512
48efa1a6d858bb6696e91830c79f72baa05a84a36bfc91e7541713ba59a9a314307de37b7450f4889216c488ca142a99f944428edacdb91f689ad984ea93ad1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
64f449ffc930d337c84baa37c9fc0c45

SHA1
afa2960cf1f1f7f604d6c210cea246c8f2d0eda9

SHA256
bae1f3068d81c612cd170736fc5504b0c935b41a0f31d2cb78692edce86aee56

SHA512
0eb36e71a8c9c2c61dd7db818ea3ddfc55e8534a7b9feb35b2bf3f1df8afdf53c7551ca9cba3f90cb3e15e6b3b8510965ebabacb93f3886603b8c1ec9b770f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
39ac2612462494a833b54c5af29a3d29

SHA1
a7c91891c867fe850a72bb12fc8ce61b445ffe5a

SHA256
44209050a17fed49ab9cc9d728b1d822c2324d50a6cbac2cd7f24caf26e6fef7

SHA512
761d43cc642398350000d7e67e1bb7907db13025a0a9878931b8ad7fad59c27122568336a42cd6ba57f3f3355eee198b6c45bb752ab55d5ec451cbb81703bdcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e809.TMP
Filesize
708B

MD5
57117c90452dd6007f2af305ea0e2e9f

SHA1
3ece988636690f9565e9371286d5e511b69080d9

SHA256
8c63b6e445557a06192213e5b0eb1c2730ce29bff63f437c90cd6eed8d79a1e8

SHA512
d0ce5967149b224ecd87d7c493a29cadfda9e01e56296a302b8f3c4bee39899a1e7d0fd6b8edaadb6f79db6404d3d2aa12ac9e5b9b18c394aa5d05d05de645d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
af120d70d4f0ef4d5e6d95e6665adc87

SHA1
9c04d57abd1108354e9bb8cf42cafef017034159

SHA256
a2da51a80255ba03dce60a1602e0aeb2fedb14471821fbd7875b1477a8e29164

SHA512
cccd49b9191ac10241613196d36e64725a897a291858b23aed2540323ab85bfa1fe7c29e5e3543c039a1b699041cdad60f61a7df49ebd587f1bf86312a50bfed

Download Submit
\??\pipe\LOCAL\crashpad_3664_UYMWFGKKIIBAYGGC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit