c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2023 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe
Size

1.7MB
MD5

5e0e1c26ab19c0d1e16e5440ed3c56c3
SHA1

57287342ddc4122ddfdcc5142d12b27c6d77dd01
SHA256

c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8
SHA512

17b4a48f74cb8770ebd8f578c841bec6d69c05af501afb8df09cf106f9e2b09811cc4503cc66c04dd4ccafafdb68b60b002c57e856cc8806c7367a5096abed93
SSDEEP

24576:LaDXyA8T4M/LfPE6sV9jeDLCUII26BhzAUms6T0rmVB1A0ZVNAhIke:L/X1suLCUINSmUL6GmXa0Zzn

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6ace79f8-e26d-4ff4-a4bb-197cc73f7cd3.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230602101444.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
1796	msedge.exe
1796	msedge.exe
5008	identity_helper.exe
5008	identity_helper.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5048	c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 1796	5048	c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe	85
PID 5048 wrote to memory of 1796	5048	c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe	85
PID 1796 wrote to memory of 2600	1796	msedge.exe	86
PID 1796 wrote to memory of 2600	1796	msedge.exe	86
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3760	1796	msedge.exe	88
PID 1796 wrote to memory of 3696	1796	msedge.exe	89
PID 1796 wrote to memory of 3696	1796	msedge.exe	89
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90
PID 1796 wrote to memory of 2236	1796	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe
"C:\Users\Admin\AppData\Local\Temp\c822bdd42dd73f3a8f6454bf6abbb5ffc21b8316e215e1a1d4b9417d0faaf6f8.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://privacyroot.com/apps/scripts/uframework-web.pl?scn=sede&version=2301.00&fipr=02beba1e84abf3e2ce7b3687e56b6e24&pcid=4f4368d8d78c2c7fe70d08fe1b629d27&location=site&iso2=en&iso2ui=en&lang_sede=
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffaf0746f8,0x7fffaf074708,0x7fffaf074718
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:1004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:1800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
    3⤵
    PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
    3⤵
    PID:3372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff688e75460,0x7ff688e75470,0x7ff688e75480
      4⤵
      PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
    3⤵
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12524327957912545685,192884078162845479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
377B

MD5
0d748c0a33f65203ac95490b3dd2917c

SHA1
0c04ebc57d2f648d195694791968d53b53800c39

SHA256
0c33b2edf0e7613eba5f972f0c8794015cc226b4d264a73893b315b13bc09295

SHA512
b68db1a19f4d25a653b62834de19cb31a98e0fb4e1bcf3c68ded0b1a896fdf070ca9095973a8e921c3380cec6c85df54e12165625fb4aee1948e0f149764bcad

Download Submit
C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
488B

MD5
174b86306995725d9851017893b85a39

SHA1
04c91c82014eb019af25066fe9be94d76bd13e55

SHA256
78b75a75be1f9849828fd3f295320e75616dfafc8bc4b537c441edd6fd0b7885

SHA512
e0d124b372449c537d9f4bbd9199e3d563a1205bd2e686fbf8fb306d4f5f5dd9bd20d29ef646dfb8bd01ff5784bc24740f930d4be78a1999c4ce1cc93f8da38c

Download Submit
C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
657B

MD5
cfcafa50c1cf03980a31e2b84a50a802

SHA1
022b23c07ff70d6173083869f92a8b6b7ff5393d

SHA256
e37a451121b11efa83505ab7faa70516e00e04b4cd58d5756fd60f49f8528df5

SHA512
bf7ac8d03dec374592301bb071affd5b06003196ca4a58698e78f7036fde040540b633e902f91cfbbbf1b6ca041d5689c813c6247af5e4704b145da7088460ee

Download Submit
C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
763B

MD5
b1ee7e6507ecc380d023969fd175732a

SHA1
4c9ae91f5b81687291c62b559b97c90e1543a9d4

SHA256
6c6316cc5414e4db4b07114fd0438658d723d2345e28558d7a43f341cae8d82d

SHA512
35a430d38298a2f25f5ee863e4decbaa67742ab021c4f00e4366e425688d9c627d3e44e2b79297d9028a7845a2a1bad49102a09308c2aa5b2309c637c6ae38cf

Download Submit
C:\ProgramData\WindowsHardwareTelemetry.ini

Filesize
1KB

MD5
7234febfd9a55d191e6f207551afc9ae

SHA1
c50402e33632873bf6e0fa0aff180ba3a640f069

SHA256
f26aeaca6623652aea9da45bf991322be920b6921582fae202280b1868d5c1f0

SHA512
a8bf2415f1d23cb23dc06c28b065102e37164a140f298c91882b75cd94414563194fd2dea27d430f4414f4ca979d8cc5cf1cb26d1520981b1b0e0c2dd10175d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
1eed4704196f8150eb743f15e0901626

SHA1
c249dab2c8a8498c906f8852573c6818550584a3

SHA256
ebe5b21893d5cda3accb88596caaa9e2831935dec434539974b2f2b8f3c2e952

SHA512
85a86c02253151f000c466ea42a6d18112970359a74f84f2f5d93eb4f471fb6bc877129b8880d603fd0e34edb420d5dd97a19c4bb83262eafb24c9aa7d3ec04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe571b58.TMP

Filesize
48B

MD5
7ed67889fe039d21e7b228aa5b9a25ff

SHA1
f63e441f0e03fff747808fe769d41708b9415e0b

SHA256
7d1b47f627bcddbb06e1364ca5994e84b869ebbe7b5470befd82163c27381785

SHA512
6b128e85eb11d7d708f61d202fbe7f61ec4556f1cca4dfd7f9fa55cdfda11048c2434ef372a28e7fa3bdfaee1ac2b1c8d35d3cd55666e962c8e53b4258964cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
e038deb9fddefb7a7a95925fb90d171b

SHA1
b3c21636914cd6e53403a524d161cdfbf08b8346

SHA256
0aeb04ee66c9782d0a59845d4889d5d7e70d4553f16b94dda9af6ffdeefd340f

SHA512
2f243de031dd0ae1a8a4e499f3f10c2cf1064473a0c07314948e125dba7bcecd9e456fbc4cf79855746ab5e64d219cf70f98b0e3863de8d668c587055cdf6b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d0f6f74d7dc0d88af3b8d46a8fd8779f

SHA1
736c85e4d91fb7a8429c97f9e58fbc80d70a4f70

SHA256
2d469ee893e2061deeb83bbb5b6014c69e49cb945c023fe1a8da112c6db65a4d

SHA512
1594f3ba3cefabd59dcc5c4b5a987e4a6b778602b23c0b76f768d6dae77b8dbd66bb12a6e88f002337b70c61f8b2c73ba59e39cd549048a5875f9cbde2046652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
0330115e96213f9984558d4516910dd5

SHA1
5258fca54da9361b54e4c34ddd504e7a089b9b08

SHA256
7c6ea119a5282ccc5783ab6389fac134ed162602ebbe3e6643faa0aca405c83f

SHA512
0a7142666b4b502c0361e0001e24d918b91f6dd04b3cae9fc7da9ffb7e4ab93a0efbf4e27ae5b951712c2c6d8711a3795f8281b79189c33065e28c28d0132eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
011176b613de80920730cfd3d4b8c7f1

SHA1
73fc772b5082fc72334e8dd7d8b56da29077f505

SHA256
75522fc408c1637b5ace01f346c0b372858269e6b2b1156439b0977eb3eac093

SHA512
318be8fb18e2d8ee3a4a82a1e1d94880f4e74e458af62c7464e40caa2bb133df2a1961fc3cac177258d695e3073dce3bc1940a2c00047bcd53819f6bdb181fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8a506b7c81c5b1103eb18311f5dd53b

SHA1
d311c939d8d694f4a2394487a952d040b8ff48b0

SHA256
d3b03925c9140a9164deaee81c6cabae716fe60b51a26e081ec3f79b899e28d6

SHA512
74cc331f46d53446d9acdb758ea6001a646e2886e4d5706126a15c4a8341214a39cd08bbe94f710d3ec89850f3718be665e58a0ac7e1ebf6110abd6fc0161385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d162b75c0aaa699e081d575985762446

SHA1
6efba1a79c4ebd036e9f3621e5c45a6b2d9fb25a

SHA256
e71c5b9b41c863ce64df113818a785cbc29b30371307de29eea8f98686dde27a

SHA512
61d8401bb98a1d9e3305eec0fef7cee13448d0f9b2bee20149bb79ab22af1a8239d0bbfcf2ba34367ea0f281ff4e827b4584769e3be4c3b783b1920dc7b0f5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32521d131a7fdf05147fc04012038c2a

SHA1
89c96c8e6e36e6b252ae659b01c0b8651449e76e

SHA256
99de2a8a1d4cb3e03bd6ad69d22b2166668211952b9321b3c807c35ec465eb43

SHA512
3d1bfa89013f0093de1e2baaef000d6d8ece502774b4c28315d63f0611ae514699391fc371e5b7bad61e5825b8500ce1a8537b00d5b6dd75b2001873a0bddd1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6fe8e5d637352cfeb0ecb121a8b8f3a6

SHA1
753a0a8c0fa7fc59d57702aa2f986a951bca9d1a

SHA256
5bf7cab17330e56130e745d3a8fb8db026ae3a3c8cd832a4a99b27c4bfaa46fc

SHA512
69aafdc6e40b9377fd5787b83fefb953a1449c0b518fa7a6697da760bbf77d8d106164385febce7506543bf40514c28048b0b1cef41a0e8e9a70e25d226ddf42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
565b33cbf70cca9886010514a31468f4

SHA1
6e6751214d51622cef86248b236417c049d21fa6

SHA256
e7f94512616d0af26048d1f66482925531d84d241b243a2b15067431b7daa2ac

SHA512
148793499406c2d82fe0c6272eff3bdbfc73cc79d6a9e07b4ea8979663e25e4c7c8aefc21dd49481c95481488ac741d5687d1eb0a49fa2c7e4906835663093a6

Download Submit
memory/5048-133-0x0000000000430000-0x00000000005E2000-memory.dmp

Filesize
1.7MB

Download
memory/5048-141-0x00000000059E0000-0x0000000005A46000-memory.dmp

Filesize
408KB

Download
memory/5048-140-0x0000000005260000-0x00000000052B6000-memory.dmp

Filesize
344KB

Download
memory/5048-139-0x0000000005130000-0x000000000513A000-memory.dmp

Filesize
40KB

Download
memory/5048-138-0x0000000004F20000-0x0000000004F21000-memory.dmp

Filesize
4KB

Download
memory/5048-137-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/5048-136-0x00000000051C0000-0x0000000005252000-memory.dmp

Filesize
584KB

Download
memory/5048-135-0x0000000005AB0000-0x0000000006054000-memory.dmp

Filesize
5.6MB

Download
memory/5048-134-0x0000000005080000-0x000000000511C000-memory.dmp

Filesize
624KB

Download