Overview

overview

10

Static

static

1

TradingVie...op.exe

windows7-x64

10

TradingVie...op.exe

windows10-2004-x64

10

TradingVie...op.exe

windows10-ltsc 2021-x64

10

TradingVie...op.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-10-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TradingView Premium Desktop.exe

  • Size

    780.9MB

  • MD5

    405ba6af3449ff9599e939b4fe734e99

  • SHA1

    351dd3bdf138fb2ae91392c21d6586d7ac898668

  • SHA256

    252490d5747973f0b8b8deeacd12c43eefd2e2d5fe4f29ea2e239679426c33e6

  • SHA512

    0a040d4882704b5d224e6722e2e3b64f6a5ddccd59e5ecd99ef534d4c2aad781f008d909528d36e91cc56350ff92a389b5233ae9a0762c5f09617968dde37192

  • SSDEEP

    196608:7k3b+58e7DRsMpcPCVb22BDCZ+upImGXoTZiJ4gcZoJ4tDU:yU8e7zxZDRVDkZiaFk4tDU

Score
10/10
vidarcredential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Detect Vidar Stealer 3 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 9 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 8 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 51 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TradingView Premium Desktop.exe
    "C:\Users\Admin\AppData\Local\Temp\TradingView Premium Desktop.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
      2⤵
      • Uses browser remote debugging
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa24f3cc40,0x7ffa24f3cc4c,0x7ffa24f3cc58
        3⤵
          PID:2356
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
          3⤵
            PID:2012
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
            3⤵
              PID:1052
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
              3⤵
                PID:1496
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:3840
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:4908
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
                3⤵
                • Uses browser remote debugging
                PID:1400
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3628 /prefetch:8
                3⤵
                  PID:3060
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
                  3⤵
                    PID:2844
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
                    3⤵
                      PID:736
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,17373578090207919996,9141554770520003443,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
                      3⤵
                        PID:2644
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                      2⤵
                      • Uses browser remote debugging
                      • Enumerates system info in registry
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                      • Suspicious use of FindShellTrayWindow
                      PID:4600
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa24f446f8,0x7ffa24f44708,0x7ffa24f44718
                        3⤵
                        • Checks processor information in registry
                        • Enumerates system info in registry
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2900
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                        3⤵
                          PID:3520
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3732
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
                          3⤵
                            PID:2988
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:4636
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:3188
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:1476
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                            3⤵
                            • Uses browser remote debugging
                            PID:1356
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
                            3⤵
                              PID:2304
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
                              3⤵
                                PID:4500
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2584 /prefetch:2
                                3⤵
                                  PID:1440
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3644 /prefetch:2
                                  3⤵
                                    PID:4000
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3376 /prefetch:2
                                    3⤵
                                      PID:4612
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,17146707221204071810,1696946845958240374,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3508 /prefetch:2
                                      3⤵
                                        PID:5040
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\CAKKEGDGCGDA" & exit
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:4360
                                      • C:\Windows\SysWOW64\timeout.exe
                                        timeout /t 10
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        • Delays execution with timeout.exe
                                        PID:3976
                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                    1⤵
                                      PID:2884
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                      1⤵
                                        PID:1244

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\ProgramData\chrome.dll
                                        Filesize

                                        676KB

                                        MD5

                                        eda18948a989176f4eebb175ce806255

                                        SHA1

                                        ff22a3d5f5fb705137f233c36622c79eab995897

                                        SHA256

                                        81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

                                        SHA512

                                        160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                        Filesize

                                        649B

                                        MD5

                                        a84ce4f0a51139add26986a59aa53085

                                        SHA1

                                        c4e541d6de5d9bdda231dd952167b3f4a6167e4b

                                        SHA256

                                        fb0960ebb80fe4e966edbe5a1a521ee4d29dacb493f6792af340cd16b6b56cf4

                                        SHA512

                                        dca140c5ac403476c5916ab0908fb7d9e15e258b67a4662e9a85b82e041ed2f1dfb9e44ad608183952ae0fee06c3e80f95117bc58112f996f1a2c019a2170b97

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\2e3dfda3-01db-4875-a766-4cc95f8e5438.dmp
                                        Filesize

                                        838KB

                                        MD5

                                        c4d0c8051536767fa9d465b1dfddc94a

                                        SHA1

                                        8a9186efefefc8ba67774ea6905357d0b4ea67af

                                        SHA256

                                        4373c82bb0f2068967fcea41f0ae396e49fd43b13e465a947882199c3c142623

                                        SHA512

                                        bb5940a4915e8ecb5caba592c4126794d56c0c95547bdc76959ca1cfb3c63ee72f8fd53031ca34f2eb320fb848464f3a4e25cf85b46d93834926db83b9f7ed44

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\35979300-d373-4d4e-abff-acdc24bd1fc0.dmp
                                        Filesize

                                        826KB

                                        MD5

                                        97778c33f7172e0f8c00c0b1783018b7

                                        SHA1

                                        fb9707fe899d86f8612c8dde9bd1cb54f81c7e5b

                                        SHA256

                                        1b4a754a0cf05943884efd26156f650388053e1f3fb5bd9fabe231af3176dd7b

                                        SHA512

                                        2c144f22ad6ad1cea59c4c9975c375aa9a45087da628931411ca8e2a967a7982e6f5a92439d94950d6b57c16cf21003130e185380ce18877dc3c6af67ceedb61

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\65256e0a-3f16-4ef3-974e-803dd61a6316.dmp
                                        Filesize

                                        826KB

                                        MD5

                                        5a48434489c0b70ce24a44ad139ef9aa

                                        SHA1

                                        a1ea7661f597bcc51429e3bf57253abfa9a7778b

                                        SHA256

                                        6b5523ebbdc519bb03cb9f330a174f821bad071cc22615de7005b4f3392241aa

                                        SHA512

                                        31e60490f7472c5d8ac6d5c0ec1cee92c9cbcca65c01a595f5f011a6069f4396b39c231f46f0d76f5da230e96c250aae7d17395f218ec0a36db41feedef8bab9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6ef875e3-5171-4646-ac17-b0da1e08d724.dmp
                                        Filesize

                                        838KB

                                        MD5

                                        3d45071b6b188e2a1bdab5953e7aa8af

                                        SHA1

                                        929870a22cf8f4b73c8d4e4807c780e692e655cc

                                        SHA256

                                        c20f970a4081863ffc6887bab4963bb3174056ad67aa7f76b8362bda51de7ae4

                                        SHA512

                                        19004efd77231fa96d892281b9853be6d45bb12f65688cc1dd4eb3f18eb3ae018b38b41ca06ae0eb133cb536ddfe99d20eb2684be67a9de2f7f9106f9a6ef656

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e80d1506-a096-4737-ba8c-7050a2fb8ed6.dmp
                                        Filesize

                                        838KB

                                        MD5

                                        6cbb59a72010576d647b54be7ac651ed

                                        SHA1

                                        673b2831c791a4932ebf2d58d3baae3f34292cd3

                                        SHA256

                                        bacfd09012d10f643c17d85efd0d75553f3bc875f21fca82d270ef42cebe5fd1

                                        SHA512

                                        63e0109357334528d78ed4ec7729ea1b85f6ad6fa5b4b082eba62526125819f02b36641bb52db7b7fce09f1b5505f3a6e5853191aae9ff072f1b0beea1ad678b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ed7dd192-2a9a-4a72-86c2-01aaaf032757.dmp
                                        Filesize

                                        826KB

                                        MD5

                                        8a4af9bf1975ad9ecf7bc38e8bb83434

                                        SHA1

                                        4e7f6242bfd140d167f1a671a7c5d96d4ca7bc1d

                                        SHA256

                                        25402fe303adb155961a76a67213e4fd495b1886eb6fa4f19af7fdd43de26c7f

                                        SHA512

                                        ec338ac1d224e2413ee3f9896e32666451cc12de766de711dac5ee238faebd657cad9211bb3c029be971a3a1b2f7817060682ceafd804596e5dd7971c65c3207

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        d22073dea53e79d9b824f27ac5e9813e

                                        SHA1

                                        6d8a7281241248431a1571e6ddc55798b01fa961

                                        SHA256

                                        86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

                                        SHA512

                                        97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        bffcefacce25cd03f3d5c9446ddb903d

                                        SHA1

                                        8923f84aa86db316d2f5c122fe3874bbe26f3bab

                                        SHA256

                                        23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

                                        SHA512

                                        761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        aa9b31dc5d607de3b02aae453088f1d8

                                        SHA1

                                        8f9cb1fa80f76262a784753e213d1044bb14567f

                                        SHA256

                                        b2d4630e582c38a6f3537a549b99c8df9981149a9560ecdbc9862de37d6bfed4

                                        SHA512

                                        d6010f3af2d10d716cbcb5990b89b540319f97675e3f071b9ef8a29a4a9632b0f0ed1ae6563d39f58ee6114f5fece0469f2d545c58940caa1af1e5ac05ad872f

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        fd551353d71803fe14f79e1326e3adeb

                                        SHA1

                                        cbeca8b4794aed18f0f3acf3071396c36d770abc

                                        SHA256

                                        bd5137b7262bceed0ae0d4d0ee96cbe0969d84e7c1980e8fb6a3e3cfc406d2c9

                                        SHA512

                                        0b509b65fa58b3a826832d25cdeedd691f73457693cb8e1a87836e8308ad3721d18255a702536c94883ddfd56364c7bc9de92b5a6314fef0705d772d82b98078

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        607200407693ccc102a23a43c5d94cf0

                                        SHA1

                                        107988e8154a463774103fccaa281c1ee800f93b

                                        SHA256

                                        e0a88cad70bc4758cf449d036043f9f6e69917442b7345d005b03923c7e97b73

                                        SHA512

                                        c5b1ff4ae7e016ed3ff126fdbc6c3a91b268d9733a16e06f5a86aa9183227da68a9a517685dcd212ac95f2495e622d4de114b19948c5efc144d3b48b90837ffa

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        5KB

                                        MD5

                                        e0e39e5d28fcba515ac3ec4a805dd960

                                        SHA1

                                        e2185c2c27e7642506687a65905d7bb3b0771289

                                        SHA256

                                        414290e738253dd2faa256ddfe7ebb51f673e69402b9fc8c7ab04989c2d96a30

                                        SHA512

                                        c36ccd85a61b9292d38548565a5750fd43335fa2be8cd307cab1f8c901983473900ea70e97d54a665d91fd3d5efa8cf9a775cb16112e755319b1b1b60414e1df

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                        Filesize

                                        264KB

                                        MD5

                                        f50f89a0a91564d0b8a211f8921aa7de

                                        SHA1

                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                        SHA256

                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                        SHA512

                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                        Download Submit

                                      • memory/2484-80-0x00000000004B0000-0x0000000001C0C000-memory.dmp

                                        Filesize

                                        23.4MB

                                        Download

                                      • memory/2484-22-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                        Filesize

                                        972KB

                                        Download

                                      • memory/2484-76-0x0000000000CA8000-0x0000000000FD6000-memory.dmp

                                        Filesize

                                        3.2MB

                                        Download

                                      • memory/2484-3-0x00000000004B0000-0x0000000001C0C000-memory.dmp

                                        Filesize

                                        23.4MB

                                        Download

                                      • memory/2484-1-0x00000000045E0000-0x00000000045E1000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/2484-0-0x00000000004B0000-0x0000000001C0C000-memory.dmp

                                        Filesize

                                        23.4MB

                                        Download

                                      • memory/2484-2-0x0000000000CA8000-0x0000000000FD6000-memory.dmp

                                        Filesize

                                        3.2MB

                                        Download

                                      • memory/2484-417-0x00000000004B0000-0x0000000001C0C000-memory.dmp

                                        Filesize

                                        23.4MB

                                        Download

                                      • memory/2484-418-0x0000000000CA8000-0x0000000000FD6000-memory.dmp

                                        Filesize

                                        3.2MB

                                        Download