7de44716756b6959c82a278d3403158e801d58032b4ef611f996de7d5a5e80b5

Analysis

max time kernel
129s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14/06/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADPTR MetricAB Installer.exe
Size

93.7MB
MD5

d82230b756b3ab9d872c8f2c5d0cae78
SHA1

2eaeb8ec732d26bb8d22db6cf68bdca6e0d294bc
SHA256

7de44716756b6959c82a278d3403158e801d58032b4ef611f996de7d5a5e80b5
SHA512

5c6b2c86f66ffa5c27476e7fd3d677ff43338da9dd90cd95828dfb115de725b04fe614e870877e0bb0883f2f42ab67bd66fa1ac9ff2b4cc697176a544d2f68aa
SSDEEP

1572864:7wHPRDmC9GJ4CTDZFb3Fh7iSqZQvacrySMMsnsxdBYn:IMr4wDr3bMZ6DrHMMsnmdCn

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{26D59A2E-0EDF-4BCA-AFC0-C245D27DFE38}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
796	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	796	taskmgr.exe
Token: SeSystemProfilePrivilege	796	taskmgr.exe
Token: SeCreateGlobalPrivilege	796	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe
796	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 1792	4928	msedge.exe	90
PID 4928 wrote to memory of 1792	4928	msedge.exe	90
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 3264	4928	msedge.exe	91
PID 4928 wrote to memory of 924	4928	msedge.exe	92
PID 4928 wrote to memory of 924	4928	msedge.exe	92
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93
PID 4928 wrote to memory of 2900	4928	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffa1f2d2e98,0x7ffa1f2d2ea4,0x7ffa1f2d2eb0
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2972 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3120 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4340 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4640 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4556 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3600 --field-trial-handle=2284,i,10929329031241672843,14247265239157519597,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:2452

C:\Users\Admin\AppData\Local\Temp\ADPTR MetricAB Installer.exe
"C:\Users\Admin\AppData\Local\Temp\ADPTR MetricAB Installer.exe"
1⤵
PID:112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
64fbc39e52638b93fec7a5eb355f6d29

SHA1
f0b7b64afead3714fa385efc6a1eb11b5cab084d

SHA256
3ee710c336e7769eb90e1bc43990b17ff7e9649c5da26a935b042140de7c9824

SHA512
980df2d2c31a387225e7e7319c0c2917d963136da3fb53d8a68d5de90baf7dd42cf779f33dfba52098d79f2acb03e89671e4cda145cbe37157500d498f274bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\27619dca-5734-4fa2-84ec-8f88e26a9f85.tmp

Filesize
9KB

MD5
810284eaa24ec7f4831ce588b68d50bd

SHA1
34395f4865c164168c9e0a249a011eb184701293

SHA256
f2b9131889b7f9aef7dbd6d14d7935ef9e9416a541106f28a825eb4a9d3d756f

SHA512
99886ffb0f1b70521b7040d44d5ccae8acf8e876a6239d2ef681839502701eb1bbee3da6ede189d3192080da6b84ac82fca44c411b24b2d7c132863d7ea9eacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
d354cfa514605af90547a29e654bc72f

SHA1
24c5f3d4c7f3d6fbcf78f1bee029c680b77d2762

SHA256
a4cabe636c41f185a5ca69a4aeda06eac4ab62cbe03fa07671502151d611a1b6

SHA512
ad0963b0c0e50eb1b1090cf908e2e295f39b336592c48e6b5c5a4e458815b1ab5a719323a1f9c52a84f4167f37caf8916d6360758cf81904e135d94d6563753d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
33KB

MD5
5875830b3c749fbca2e70122403e9b0e

SHA1
c2bceeeb4b56aa3f16ee0fda25fde2eaaaba577d

SHA256
83056c22a3161987d4c4da89c361daddc238d8db472e6edb8cb1a02c9d61d3a0

SHA512
1f80f04c575bbfc6f0c8810a8776e639f4e4ec42ed3c77bc7bc216a0e7bf440e5fb3265e7fe42f3e12560214639c9f69644d46ec478c98831c6a559218563287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
510200469b9472b1a215b7caa592058e

SHA1
e0a03c68371d75d8e6f9f5889656f0322a23a45d

SHA256
f9ba1b4e61fa598d8518dea17c88b4445f08fab0dfd87e421ca56c85eb97ee58

SHA512
af13367dc3c70ff7ddcf1d45c6dd100fd1453b99d24fbec575c475a9816179ef9122f4614a7d5651f1393b35a7e1929dfe4a4932fa2fcd9436e8c0e1e40b363b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
30566f374adfd7d2be3e7f8c57658e9b

SHA1
0390944245ede65ab487480eb48a1b255386ab1e

SHA256
90295f436822e3fe409cac3e15e2493989bb3fe4ded269ae3e08abe73b189259

SHA512
61362f9b44e9c897e542bcf083104154d2a7e07d9851469a66cc16d77d2f9915cef185cfacc13cf11799eab440b25d749c60a88a05011ac9e9aefb2bd22a6cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
cb7465b71596bdc813289e89566f5d42

SHA1
84560d19738355ca36831ad0b18a41bd75fb8e00

SHA256
c8d8cce717dccce3d9233676824de750ee6a8c9b3c47afd2a0088bfc8222c024

SHA512
2c1e17e2d8d4f945d702b9b50e43c08cda276ca961fc60bdc9a15fe97fd0c1f8d83d609a21487956bc0a6be8d54df4fa6e4770d03b954ebe7104f172c4a0f600

Download Submit
memory/796-92-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-90-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-97-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-102-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-101-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-100-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-99-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-98-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-96-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download
memory/796-91-0x00000276360A0000-0x00000276360A1000-memory.dmp

Filesize
4KB

Download