hxxps://github[.]com/geode-sdk/geode/releases/download/v2[.]0[.]0-beta[.]22/geode-installer-v2[.]0[.]0-beta[.]22-win[.]exe

Resubmissions

10-03-2024 18:29

240310-w42saahh46 8

10-03-2024 18:22

240310-w1dahshg88 8

Analysis

max time kernel
115s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/geode-sdk/geode/releases/download/v2.0.0-beta.22/geode-installer-v2.0.0-beta.22-win.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2956	geode-installer-v2.0.0-beta.22-win.exe

Loads dropped DLL 3 IoCs

pid	Process
2956	geode-installer-v2.0.0-beta.22-win.exe
2956	geode-installer-v2.0.0-beta.22-win.exe
2956	geode-installer-v2.0.0-beta.22-win.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 583237.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
8	msedge.exe
8	msedge.exe
2856	identity_helper.exe
2856	identity_helper.exe
4180	msedge.exe
4180	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2112	8	msedge.exe	93
PID 8 wrote to memory of 2112	8	msedge.exe	93
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 4000	8	msedge.exe	94
PID 8 wrote to memory of 2744	8	msedge.exe	95
PID 8 wrote to memory of 2744	8	msedge.exe	95
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96
PID 8 wrote to memory of 4416	8	msedge.exe	96

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/geode-sdk/geode/releases/download/v2.0.0-beta.22/geode-installer-v2.0.0-beta.22-win.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff850746f8,0x7fff85074708,0x7fff85074718
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1684 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,4290517087920193013,2639590129704014736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5768

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\ResetClose.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
PID:5872

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1fec00d559454af79eb0c11c13cb806a /t 5876 /p 5872
1⤵
PID:6100

C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe
"C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7f64e31b85c733fa395c5339349846c

SHA1
6e14007beabe702303747c76436eefa48ac570fc

SHA256
93b523b1921e54317f15b9e158f162b59fcd7dbc69c1281ba4d30e60c0d1dcc2

SHA512
345d2c6855a060cf934307bd4a9775db2c6e4594747cbac7b6d2f94900fde3bdd571e6f5fdfa65a529a67c3790cde0164203129712671d67cae7c7e05eb2921b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8636a10e524ce6b050989d5f24f85b7

SHA1
ff86f7118333c25df56e5c94e7434ecbcd3997a1

SHA256
d1e041f2757aaa044de98e06d4921a15902540b7216c45844a9fd27728d3426e

SHA512
49fa8c09482a26d316dc4e61a8d32d2b924d37dfc611e65818873855a789c54bbd124166852478df0815cc2cf19912c6c165f058464c243e2e7549599fe6f750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
522d4b3435419356d5d067990063e9ae

SHA1
f81d751b34039103ce920899ace7acfb5f4c7a3a

SHA256
e5307b82afeda88dcd3b7f26645f04b4e8097e7e9c04722bbee3947a5d3ab4a3

SHA512
b7ceae4795f0711d3b642e1ed0d2ba2f84b25cba210bf99bf1105a9c8789475370148a93c176ce25a9bf28b4e8d005d810151cb188fce797794d62b254d64fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53aad5ace0caddb3d26cd3e9edb5d6cc

SHA1
787472dfdbf1872e0ad8cc2f85de056aba03e0d1

SHA256
3573ff33cf37c84564fcbf3b7b4c348d96f2bbdd6ef82e9d017bd5af998af136

SHA512
e6ef00514c7d048b0a683f6e7b58fe2f397da04d4b02c87ffe4ba36cd5a6cfbde6e79cd976d927bd4b0f6bdca58ce58c901bba55cf851f7e67a2efccbd134b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50ca41b8f8d6f73193d3dd9572917ee0

SHA1
bc8716ba6915086099775a7ebe6494cc0b766409

SHA256
6cb68af9669027e5a0cf0ab0e4aa0aeb1f1559ad6de8106d930db03d3fc116f4

SHA512
d4a9e05ab978b3fa9f9cdea87801a778a06f97fa0d9abfe28f9cb8ebba17a585decf644be294a2057bb36b4005c1e5f34875a25a9c4e2aec5fdcdf93a2d44105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d89a3e8f8defc835fd5db9e16016c43c

SHA1
242ed67aeaf79cb5779a1b24980d8c68e8480a73

SHA256
bdfa43f7fdac0434bdbce4aca9452e8f20b67474d3ebc2dc47fbc5cffdcd158d

SHA512
22cb1065603458acefd638688f246c82c6d760dd7d74ee71e28398f802b3166287c1615c7927cf5cf4bddad23d4cfef28f1ef9bff71b99ed4239b67afcfa3a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2a4b67daa876eb6e3387f33a774de9c

SHA1
562cf5ecc53ba9a64e82de25965659598c454f32

SHA256
d0073240b63a091b513beb2c53b327c56533bb0846f8380d18d4a5988a2d61c3

SHA512
13865bcdb9a7dde9075ae91d6995a0762b035bc84f14e36670b7a469475ed30a4bef90b12d39f7b0c53c91e4d402087cb853868e6cdebb3d7ed34d7e32334b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4314afd486325ef5895bc372036aea80

SHA1
a40d36331fd7d79ca4b80b20ab5e51458fe7212d

SHA256
69b2977242a304a5cf99718020e6d5a2f9d6b241f9eca4d2bd0341d2272a4a08

SHA512
d25ef28f861b21755048d888ff6e473e0d1200757909d97f024038b1c145ff9258619ea8bcb92b1a631f0db95d58dd9ab2590f3ea286ad8a2bdf468104ef9ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e822a4cfb3d4c1eaf950ad275c204d40

SHA1
131855e5bbe376d182a76897a33bba25b779779c

SHA256
c6fe65d7b0dbb7c21224dccfa8f786af60494a4a3a251c904527bbe3572c12c6

SHA512
5287a4f21d273b4fc40af1f8a5cbd90ad5b61713b3dac64dceb60a8a005d71c11d27538612e884250f6558027c758ac05ac40f0af360e9dcab0c20a1c384f870

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszDA7E.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszDA7E.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszDA7E.tmp\modern-wizard.bmp

Filesize
201KB

MD5
3c5626cfc549b9a2fc147f84601a68b1

SHA1
df2015ab7aa2eb9943cc5929fb9f7ec14a26b71e

SHA256
4873a57c9b2d697e4f8689ff7a2f785fb836a6289bc377320987b5541856234c

SHA512
b076a7c5350a8fda2f641c052bab4f87a602f313c91a3c0ceab2da45f9753cd89ee97497a5c67552e65a97de1366e69bfc531f6b728224e86314b90b91fd9511

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszDA7E.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 583237.crdownload

Filesize
25.2MB

MD5
22d4c8570252cb5f3b4a0213038d5de1

SHA1
62d93ddb19bdf8913d058719f40859e5b6eb2b9a

SHA256
87ea69570136c63736d95fd3950e11c67fd37ab1053410bc9e4aca66805a4cd9

SHA512
d21a1ef49defa738795b753ae52adc0187bcd90a632a9c4356731d4eef3956191bc8ed0c19ce383004b2fbefd8aa1e2246b1f15ce13b069ab27f1b61a62c1c91

Download Submit
C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe

Filesize
6.3MB

MD5
e06c9b0535d35ed370e1c0452d452837

SHA1
0350bb8d6de2112fac83a8b62e01afb686351bce

SHA256
6a8e8d9c7bb6f9f16b398b4603f19f7cc6f35b1d7531285dbc4515326bce2f77

SHA512
15c58214097c81aa54ff411f0b3a7a6ee680ebafd5513061c76739b2455310aa52399ac6375ba33b389520cd60934ab6569de3e2e232c33bbb509888fd3f5b35

Download Submit
C:\Users\Admin\Downloads\geode-installer-v2.0.0-beta.22-win.exe

Filesize
6.0MB

MD5
7b5e126a37f01e6470206182df3e688f

SHA1
272354df33c889fe433de4e70224592f160e0f2f

SHA256
2ea2952ec2a91e60ae6d1e7fbbe8db4cde287caccdc6584159e94c4787139bbb

SHA512
4520550f79cd89f9e81e667a6d59f146f55e60a7500c7ff8c17724afe9a208ff0e29061a0e95c3954b5d5c421428e03fb25388aebaa16a45f8a83d579283f743

Download Submit