hxxps://github[.]com/geode-sdk/geode/releases/download/v2[.]0[.]0-beta[.]22/geode-installer-v2[.]0[.]0-beta[.]22-win[.]exe

Resubmissions

10/03/2024, 18:29

240310-w42saahh46 8

10/03/2024, 18:22

240310-w1dahshg88 8

Analysis

max time kernel
137s
max time network
133s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/03/2024, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/geode-sdk/geode/releases/download/v2.0.0-beta.22/geode-installer-v2.0.0-beta.22-win.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2972	geode-installer-v2.0.0-beta.22-win.exe

Loads dropped DLL 3 IoCs

pid	Process
2972	geode-installer-v2.0.0-beta.22-win.exe
2972	geode-installer-v2.0.0-beta.22-win.exe
2972	geode-installer-v2.0.0-beta.22-win.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 813099.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4732	msedge.exe
4732	msedge.exe
2024	msedge.exe
2024	msedge.exe
3936	identity_helper.exe
3936	identity_helper.exe
3432	msedge.exe
3432	msedge.exe
2008	msedge.exe
2008	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4580	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1136	2024	msedge.exe	81
PID 2024 wrote to memory of 1136	2024	msedge.exe	81
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 3548	2024	msedge.exe	82
PID 2024 wrote to memory of 4732	2024	msedge.exe	83
PID 2024 wrote to memory of 4732	2024	msedge.exe	83
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84
PID 2024 wrote to memory of 4816	2024	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/geode-sdk/geode/releases/download/v2.0.0-beta.22/geode-installer-v2.0.0-beta.22-win.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff55713cb8,0x7fff55713cc8,0x7fff55713cd8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11011278123614442199,9711704618115091731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5460 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:820

C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe
"C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2972

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
549e92b0a4229e904e9a9d93ff9a90a9

SHA1
967cd459ee30c0f0ef0f696e9359190d81e4eedc

SHA256
1513cf5e14d616ed46e61641dcdb0a09d812d03352672fbfabc41bba3dccf747

SHA512
753cea7693f0336b3971edd26b065034769f818961fa55d3f9cf0078d623fc05c6007c6f5d9fe50673877d3186f70d4d10c14d908cd84ae9c14f7c31b99f3364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
939fe5871ecf1fb7b4c3d3d8d608af6d

SHA1
ad703c4e7e203d5224ed550a4423fc86a6a07305

SHA256
19d1783caed76bf45bb13c3e856bebdce37a2794909cb26e8cb7f5331b9181d0

SHA512
787ac6f02d2d754a4ea19559f6cb650bbb7d3605c0462da37d6720aa1881edd4e916c751d85f062aa097e99bfacdf35ac63a5aeb39f598ccbd1a1b445043ad74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63e45c2faf94c6b2576e969d581e81b5

SHA1
95aa84fd187fbc30aeb230b3cc5bab0522ccd5e8

SHA256
22f90f4aa46ee85fa7cef96f738d54ced3573036f0d5ee651039cebf19bc848c

SHA512
7109b7cfd292edb5873d9c7e15e7cfdd34f652afa8f83f702512a416a671c2857f1d741a72691c18ca9439ea40d43364b0508205d622bf867f99dfaca0236b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33d94975727b1d3c5853a8a6c7406a44

SHA1
46735e62b5f8dde752e79fc0570cd662a9b97790

SHA256
0a6ea5a4a2d004e061b3c229475fd63f4c37a356202b22d292d77a93cb9ffcf6

SHA512
c0b6a7c856e43bd9f7ac8bf9b021e0fca188b87f45f7d49e13e5809e977e380d60fb03336e29c42374da56586436a1e3ddc6e37174789dd0969996a77e3831b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
60cc9811b0bb3dfb848962152342111d

SHA1
162884ec1f1028215327ea0d942c809927d61148

SHA256
d988ceb397e23d203ddb91f46cc31659fafe2f01271efd48e6d6af7d08565181

SHA512
ff8b28da79c5848455a7a2f957b9fabf1fc7f6d6eddbb1978a27da77e24c6288eef1c61eb4257530d2f2f8d1bbfef4c888ce05416dd827bde01395b2cb1351df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94cbf15e16f4efad975f600d4648705e

SHA1
ee5fb436e3b62bc89312d8a55b200d7494ec8d80

SHA256
b04c010e203e914e24b5f8190b9a0177ee4d23cda6e2aca844114a4412b824ec

SHA512
3f9736602b6ab28922a3cccb2622cfb34f6bbb523aa5191cce2f877b6594cf128af00d6dbed6396a9ec1dcbfb8b370a1418559afecb35321fbfd3076690f381f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
e7287dd4e71a21e10194c99cc8ccd823

SHA1
d12b4151bb25ca694ad8098751b4918129c322ac

SHA256
9c3bad374f6b813d2d3393e29f7e9aaca5404a001e521746d21fe7ced190f27c

SHA512
e76c126fb4f111e78772ee65afb4a06ff74d4c56432a4aa3f6c9680a0e832c257285e68f2b09e4513b4d4ca3169d865e375caa20dca32648d81010394c0c8c21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi643F.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi643F.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi643F.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 813099.crdownload

Filesize
25.2MB

MD5
22d4c8570252cb5f3b4a0213038d5de1

SHA1
62d93ddb19bdf8913d058719f40859e5b6eb2b9a

SHA256
87ea69570136c63736d95fd3950e11c67fd37ab1053410bc9e4aca66805a4cd9

SHA512
d21a1ef49defa738795b753ae52adc0187bcd90a632a9c4356731d4eef3956191bc8ed0c19ce383004b2fbefd8aa1e2246b1f15ce13b069ab27f1b61a62c1c91

Download Submit
C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe

Filesize
12.7MB

MD5
34c95552d6f4f4e5e70305f7e4f2c79e

SHA1
420663ddc472df0ca5cf9d5cd70ff57ba147a86e

SHA256
1ffe460076dd95eb0acc2734913fe252d37ea2198cd729b7d45d6cf0b048711c

SHA512
069950b7f21b62fe137e6f308741ba07cc8a4721a05d942540d5f4cda212e2d2349cf26fc4b9b244c024f1f131335e2f2ad17a735e17247c8d01b450375eb6f4

Download Submit
C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe

Filesize
13.1MB

MD5
34c54978e39be0d80ff7644ae207c6a3

SHA1
b14aea96f7a21816961a95ec026d48d872d24f13

SHA256
a14c30595a17a4ab1b7096fa752541b0d9cc58ed99ac54d0dbaceff833971224

SHA512
c8af9799e9f0cb00c46e969911003d87fef96896d039c7ddebe35332c1850697ced77683108d17f9c59cb19fc23ca731ca586b88057adb60c1bc983dcf4f3e3f

Download Submit
C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit