hxxps://hurlurl[.]com/elfAH

Resubmissions

30-06-2024 10:29

240630-mjgf6sweph 10

30-06-2024 10:25

240630-mfyahszbmr 10

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hurlurl.com/elfAH

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4668 msedge.exe
4668 msedge.exe
1572 msedge.exe
1572 msedge.exe
2200 identity_helper.exe
2200 identity_helper.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
660

pid	process
4668	msedge.exe
4668	msedge.exe
1572	msedge.exe
1572	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe

pid
4
4
4
4
4
660

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe
1572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1572 wrote to memory of 1752	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1752	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4784	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4668	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 4668	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe
PID 1572 wrote to memory of 1740	1572	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/elfAH
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956ee46f8,0x7ff956ee4708,0x7ff956ee4718
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:3836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
2⤵
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,4325420010989423072,895703276555111485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
2⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1820

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2ec30f79-2ab7-4739-951a-7d272948ff91.tmp
Filesize
9KB

MD5
698c08b310083b556d4e6228346c47d2

SHA1
40514c430d68b1735b3ff8f86d2d3b2efec6adb3

SHA256
c0af820c741b7f6bc00a902d0bbdefd30fc6a6be2c6bf59c3b3188a8518d3304

SHA512
2cc9f27d8d1ace5f8908678dbbdb8faa6c9fa5cbdeb2c930ddf422ec5d6e5eb22057a7bddd9619d7a30966afbcaccf93fac7becabc2de9da507cf122db8a257b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
27eca13c0b20c594007dc3be272a11fb

SHA1
02d8203e99c66e2a608d1d5f58bbf2490723cd04

SHA256
b3c33abe8990685d05b726feaad0fe3241de3ccad024d30c2dafda83b4328bcc

SHA512
fa4b35b692b65ab07d6a8b0c7ef9a22b114846c689db21319d2c00105fcee3fb45690e364adf37fbe5573d1e88189b5606479ec139fa25e8a732fac6c0dbd8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cd84c594bc30fd01dbd8cdf4dd75236e

SHA1
155eda90a32fed6fe4ba9081b4f2a8979fb3c10e

SHA256
9e9dd9fdc2f9b4495edf3d4ecd0b2db08b31503f5c9e0e97bd18425366018a14

SHA512
d4040e4386b6479bc3453c40b0e3487b9d1383381ea7a344f382b8da59f2d74901fa4f81ed550ae865b98c43734891cf129705df06aac2cc700a62b24061bad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1fd831870714968c163b2057dd42d326

SHA1
fdf725d004419ad89b8c7c494f3bac25ff56bd4e

SHA256
3ac815e9d6bf7ce0a523da332e4368563c4538534a646b5601af0e32a03fc724

SHA512
8d25ae16dd9fbb6d330eba0872668f2e01a85fdf5a80d53c056723a50147f7c4272aa76c19f56ab8f26d195f6d5a054fa241dd163e41f805c0ad5179366aba23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
947fd4ddeb3e9f40992733c9bff133ba

SHA1
23d76e6ac9498f7e2bef36edb2862a4858ac6792

SHA256
de1583b865594ff9f0c41830937c2ca0d30ac27e92199832ab43dd7eb9a45bea

SHA512
72497ec059fcbc5e695b426bd72064835bbbd9613077d94d8a280aa34fdaea97d8965f3bdb980c1ceabfff9b0ce9bb3128d7610eafbb776aaa5687cae1d45d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e47cef8b1e3b29955e4e4f90469ed548

SHA1
2b343241163821cb54c61be2d832267b19b887bf

SHA256
9417baa9677ac235d5d03a5735f610434d1bef8efd0c1e8f7362aa5f31429920

SHA512
671e852ab04409b628dc2d67283b0ca9bbd279a8eacc267f2fc05c1eb4401f0feacd7fbfaeffe7858479e479f39b904d8addbfc6bafedaefd2b632f21232e672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
45c0ff12ca96ab8482550b9de4fbaf7d

SHA1
df88c69360d532259a2ba4af74da7db0e38d57e1

SHA256
5f33869e1517175acec06aed4410502505880b6ee44948eb54d46ad28d1996f0

SHA512
f796e16943ef694a52ed19230e2b64b2d04bd488a73095412fd7e5ad0b713b872289a3c993376fabe147c6cda03d0efdd84e2f73a1834a168ff96cf7e75f9c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
d9fe811e50518a233b860a1e20056204

SHA1
7198fd379915a88b575950b753b0aa58808609ed

SHA256
85d5c599d4783bd9c3667b72357a905331049deb25d581a14e1b4d4edf9cd4a8

SHA512
609da147aaa80056fc19a34a2879e63fb6a324624a19ef1ff036bc817f4dd801b5664fae75013209afa73beb4c2b263a247a4dd114de717a326565d903a2a93c

Download Submit
\??\pipe\LOCAL\crashpad_1572_ABLEQMPIECWEGTHQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit