Analysis Overview
Threat Level: Known bad
The file https://hurlurl.com/wXNIl was found to be: Known bad.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-29 21:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-29 21:51
Reported
2024-06-29 21:52
Platform
win10v2004-20240508-en
Max time kernel
44s
Max time network
45s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hurlurl.com/wXNIl
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,15390200289861170849,6491805760815638474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,11264606707697066849,16582816739296490394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hurlurl.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | hurlurl.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | hurlurl.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
Files