vidar | hxxps://www[.]mediafire[.]com/folder/3is42kz6mwjhj/Files

Analysis

max time kernel
300s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/3is42kz6mwjhj/Files

Score

10^/10

vidar credential_access discovery stealer

Malware Config

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/736-678-0x0000000000010000-0x0000000001248000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Downloads MZ/PE file

Uses browser remote debugging 2 TTPs 9 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
2544	msedge.exe
6068	msedge.exe
4816	msedge.exe
5744	msedge.exe
2996	chrome.exe
4388	chrome.exe
4584	msedge.exe
3216	chrome.exe
400	chrome.exe

Loads dropped DLL 1 IoCs

pid	Process
736	S0FTWARE.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	S0FTWARE.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	S0FTWARE.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	S0FTWARE.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133747283691236115"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
3396	msedge.exe
3396	msedge.exe
5904	identity_helper.exe
5904	identity_helper.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
2840	msedge.exe
2840	msedge.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
3216	chrome.exe
3216	chrome.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
736	S0FTWARE.exe
5864	msedge.exe
5864	msedge.exe
5864	msedge.exe
5864	msedge.exe
1676	msedge.exe
1676	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 2708	3396	msedge.exe	85
PID 3396 wrote to memory of 2708	3396	msedge.exe	85
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 1444	3396	msedge.exe	86
PID 3396 wrote to memory of 2584	3396	msedge.exe	87
PID 3396 wrote to memory of 2584	3396	msedge.exe	87
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88
PID 3396 wrote to memory of 1076	3396	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/folder/3is42kz6mwjhj/Files
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff697146f8,0x7fff69714708,0x7fff69714718
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7376 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7864 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,2003268896777696201,7460071631505028735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2224

C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE_(password_1234)\S0FTWARE.exe
"C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE_(password_1234)\S0FTWARE.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  PID:3216
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7fff583ecc40,0x7fff583ecc4c,0x7fff583ecc58
    3⤵
    PID:1536
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
    3⤵
    PID:2592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2200,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    PID:5140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:8
    3⤵
    PID:4024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:8
    3⤵
    PID:3872
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
    3⤵
    PID:1676
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
    3⤵
    PID:1424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4500,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
    3⤵
    PID:2112
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
    3⤵
    PID:8
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,6070004511471585960,17765420670556830262,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff697146f8,0x7fff69714708,0x7fff69714718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    3⤵
    PID:1252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2124,17972905007251846488,12264668845770892869,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5744

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4232
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\S0FTWARE\S0FTWARE_(password_1234)\geo.dat
  2⤵
  PID:3824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\chrome.dll

Filesize
676KB

MD5
eda18948a989176f4eebb175ce806255

SHA1
ff22a3d5f5fb705137f233c36622c79eab995897

SHA256
81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

SHA512
160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a33eaa25a1ad40ad13c4fa531f8b4bbf

SHA1
ed8100a8c604bec45649742775a21b22392a2bce

SHA256
c53ff313f9eacbd732289fa550b12be0a5dd8f50deddc4509312fedad644b3f8

SHA512
2a9ea07e44eabb74692d0dc8dcd87e0a83a7e7eaca4d869c73e33729b5a59c09a1bf7058c74fe66d33022ae8af4746551e66cace55ce7058d1325cb1d129b40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5d936b1d43351f7842948c340cc534ca

SHA1
7d22b26039f6ed476c04aebbf771b770ef28091f

SHA256
a5748fb829b32d3ffab390823066f319ee677a0776d760a7376df4cbb2775ed7

SHA512
2bd75042ccffc65407c3f85af3fdccdd160137068dcdec81d4c33d9b0d78b110294900393e1a5265e1f1364b4c58875277ea1cb0d2477f98bc9568351ae8f77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ffc39812e2fcd5adcd109fff6e72c856

SHA1
927e636b225729179e43d8d731e3e4552a4f6405

SHA256
0f33fce94f0ebc3522f3d32883771a853a9041a4a59632a70033f12ec352d754

SHA512
da84d9e272245762fd8eb693b83b1beca59d513477e99f798c34f3ce7aeba263ad97834f8c315eb9fcade7d21c1925c13083d411f7fac7bf18594b860c57d6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2e65fd61-de9d-4ced-abdb-b7484393dba1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
a82a061a27121e5b3d2bc53258979766

SHA1
49a113bf685c04854948ad231aebe7d408ebde1b

SHA256
b859cb8686d2dc67e0229495d55e4af89303238950d0c57745cafcf31ff72163

SHA512
5bb64510b9fc6ef23fd5d010b809abef50a0b36f1eee7b48b8ef652e91eae87482d641f50205bfe2f68b72141fa2bee73c0cc75e556ae3517818441029fe7d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
20KB

MD5
f85a52738e1eecbbd780234b719227d8

SHA1
fcf516cf198dabbe8297ff497a7c56cb436aa950

SHA256
fd104379d8348961292f3730ea6a8663f5aa69e40294f399613d5b6370a9bccf

SHA512
b5b80abe111c8326cc336bd08b3354f7616a9fd0416009da64e608c86e94a9c38ddd92ae94c7e2f00df5c6485a43a302daa51672f671504c792dc6ff0e9276af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fda6fc0708eb339d9b041b6c6d17d4d6

SHA1
8a8ee2a8231d7c94ee5f6df5f4799d3b815e249b

SHA256
55e89216af675f3951a4a46b248d6e6eb4d55392b95587e1ca4042d768dce077

SHA512
9c8d358b27eded8f45a224845b6accb4599d7a462a9fbd57e3ddc54ef797345cdc3402997dba27e91ab646895dc721a21a95e58fbf2ff68531640c7ace5cf406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
64d9be9f902a058cb47b868a957bded9

SHA1
a469fe81468b77302c54840ccbcdc9e538b8113e

SHA256
fea22593e9c0c979bbbdd268735ab3ffdedd3fb322a41c9f2b5fa0542da85264

SHA512
ee0cc60c4d4068469ae815e52cb200a75c44fe581a1f1f496f90d979bd61edcb788099ccfedf56d05faf9c4914ee2f21d6b7e219e8997463cb9a102f242b2af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
231bfc079738250b626f9704457e9dd0

SHA1
283c0042fa16e63e85a6e058c0ac734c1f65705e

SHA256
573086a146e3fb7c2fe8aadca6165735b7b860fceb04ed2e980646725beea3ca

SHA512
bc87c72b73ed35226e3bf73820dad94b90a2989d75fe890b5343dac62e2fdcf346127c4d7bda393ddbc80064ca6b63f9bf83b16163f0aabf045cef7a9ae63343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
621ac4b16312e6f3d7145515d8039586

SHA1
2172100ca4f6f17a32b9b1f35fbee2c61f451b3a

SHA256
b7a4ed23bb8b85b5834be3e89218035ff4dc8728fa22b0b875963332b8fb60aa

SHA512
6ea12d956b485bd0ae64f940765387e8c08f3888e02b3118eba7f9f3cd9e2c0adc2e93ead68c7577b71ce1d9dfef590c7345d93c262dba9a2a4be2969f86f512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1f0d86d8732a14ebb82fbec1e2932db1

SHA1
fbac53ebf64066a3d7ed493806a54cd0d22e5530

SHA256
929e9d32c57e92650792d92cca7ef2ec9f65c2a36605bd180532de8fc9ad8060

SHA512
c305b821e6c139a2a86d83fcad858f3487048e60b21589b6038d59ddf79c5e85f4ed3cf800dab2b787c1e9cb84c7c805e80cede13b525e93711617d07ca5b746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
32KB

MD5
7e986c6cd329fd16202700c08f8eacee

SHA1
decbe6e000904a36b5ccdd00a17e28051229c3e7

SHA256
6d75fe374320b70c163745f0255a74a4f844dc90a848fee8da8a60ee9e35bb73

SHA512
a4bbccef999b2a7513242bdc76b655b54d0b299d820f70de8619c5726cb2d584674557e6c59223e3247c502597d568a740b5e1c3e61f8caa7fb9ef8b1bc75a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
260d3609173e7bce0f87804ea2229ceb

SHA1
c157a52ede6a2b36a01d63467c7a7f402c7a1740

SHA256
f866b7a97000868a56874ddd79bf83e2e8decd387aa14062c678359682b89864

SHA512
d43fbc4d44b2c1c82944ea9e587870225a9f97c8bb0c57602a16a83e34ece227a435fd06e763b86ce7e26aaa7e52e299dff045965aca2a968b7dea3094673868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5906a2ccbc5f3257e3a1678cbe168e3e

SHA1
a5d1d26872b8900d712ebdbb39b6ac29e923b8f8

SHA256
2112fd2b6111c5ba1838878db27fd8f99a74d5d97c8a4c2222b889c1f58b026d

SHA512
3bc27265ec320d6e249870dd1db47e027796dfb448a6ee1211deabca85204db2cda614bf2ec6deca09665ea8b7af7d628ca250dffa3ee0dd6de21a0294f1f835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
7fac03b75e9356073b47643267163962

SHA1
2cbacb8207a3cb099f2169fe10bb45541158ee56

SHA256
b96de3b98f78424a1347dde6858c434c259d451e15aac7b3d0ab407ac5e5d2c3

SHA512
4a1a73207109f19501bebb966c38bf4a309fc7e94235b586c35969062318cffc63ec353fad607f2d370cda928a0be52cc7c624ebd992dac3a7179bdc89de877f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
e7bb4a028610ff63c0a221ef3f71580b

SHA1
80972833e6e9bca4f4d59e292e981be337be03ea

SHA256
9ea2170fb829e03b25fc410cfa9406bc830e1e0fc4ed522452326156c76f85a1

SHA512
4cb8aab9807695345d99dbd0b073e47bd074bca4fa6dd74f940af5f8951740c830a1b4b33290a551864fdadb27347b020f63c4cb88f1eb10f61f2a50ad987502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
8b1533914959174cb65d1cc73eba2130

SHA1
44e2bcc93df857490c8d4c6f193e4ca64b1a94c9

SHA256
610eafa274ede78209588dcfd19cdaa825f3b53aca29e2e311ef6588e0bdc21d

SHA512
88aa9f317d688d9d9dcba7bd6c81aa10dba0c442cf663f91c47eb4b94fda501ddd9f5efa0f203fab0c92bd1d20ea0fe639aaa4d0029bc613c7e1b3f1ae2c20e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aa74b2e524c2e4d3779d3f792104b07e

SHA1
4f213854a288194b864b79576f66247e10e63875

SHA256
8d319e0bb369f2c152e8967356037c7c7d9f9c52b4a68de0c5113a3088703218

SHA512
79c41bb7ccf14f5f3927728488e8311b58b988ad04a92f62a194ff4bf83b0b1eee649af65af26525f4aefe7539be0dff8ab1db9b32b24106831adfc80bac984e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
27c5d3ec99f0940bee76ad542b593b71

SHA1
faf1e132c4cc9cec81a141a4e44d40a39d819cba

SHA256
da4e68ca45beb90935b9f48d17b099df1c5ab7cb8f9fabb7be9f83d1847f7025

SHA512
a32333182ba1a5573a096bba712d998ef263f74049738a77649d80ee2c0662a61a3eecda008b6c1b3aabd3a9e0877f465ecd4982b15f2e806f706c9c77650bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e45abd0bb81577851c9c982834a94e13

SHA1
a3dea9d4d2835845b55f6df3542f7162e5f69850

SHA256
8707c8da1085d2f30b8a47f06b0f398d99f836943e027d118430c74ba9a49940

SHA512
56cd65321d86b39b56eb02068300a50a8964147dacb548f1c5a377f0b6d7aab89e1d63ab181dd184c222f4f58c240e819bb826ff2cbfaf9bb34c121389b0a487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e6ef5e3e28bdf7a35a7492b5063e734e

SHA1
d128c2093bda2b3146a99ad5890f8eae8d2ac28f

SHA256
7127176be3bbfc1d26471db5b326b4d85a1b92b11282152ce4f509213505021e

SHA512
6967f93d3f2093e7d7024c14175c83c5a2762cd0e6d15d54d0adf5e93d9f4a291a840f938bd331033612dd6bda7d6ca94ca23bf80e2b95f2ee22de10a9a3fbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9e4274af9c4af3515eba41d16bbee94d

SHA1
7ec97d50befe58b6e7567fb68b8401b27ff51f1b

SHA256
cddaf8313ef38e9ed6eda3ec498a7f86b732d0a3e40ef90cea5ec909156cfbb5

SHA512
c00f2f14596652ee37f93603687eb30fe93abec26e08211b08f1ff2111dfea13bea9460f6befba3cdc78690ece54f97affd096942ea34736d45685fdcd3963f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
53a49901c242b73c03adf8316864064e

SHA1
a3db60b371cb8ef1504047f59930e6e29c9de03f

SHA256
b31fc3e41715f4519dc1e114e406f9df2f236b582012978f688b4f175f26aad9

SHA512
705516f53a383ed79806a10d3cefa29e5e5cf61a1d5de4c52647ec8e6688c64e7ea7338f36f057748a417d2a4c0153aed3674e4c462e4f3cec671a90b6904037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374728093680821

Filesize
313KB

MD5
2320567898805671aaed88d8bcb80354

SHA1
b5d023ec015b4b1601aae4f6db00d958a49f2f02

SHA256
c0211b32d4e4afe390594c26cda2d3eb57ce44066aa2c6bff3171f50cb8a723b

SHA512
8aaf1541c80df5f101cc8c5893a95369ede9ba2effbf874bd394c5ea8d7e4886eda98d84e2733432252eac5aa83b0a760660fd4798e1813359ad9c7f27b38ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374728094046821

Filesize
933B

MD5
b648f5a8ad44e8eafa975bb98ce6c978

SHA1
51315b124f48f19d6cdfe8101a9d5c72afa4245c

SHA256
c52f384f0b3c17e7ad1651afd4559cb5716b49cdec012932b47c21ee78b08c39

SHA512
3cdb940771fca5271f9df2b0cdd6fc59e2b6a5acdafa0c6c807d5a98f7e5ae05d12efbcbd600ab8cc0dfcd4f1cd868836033403ad007a06f687300709dc5bfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f97a5b761e1573163a4fbd2231b0220f

SHA1
bd247a12529f32a22ce2f28a674da6fb5fa19178

SHA256
7878ed4440befd7bdd63d7f4190c73314970ab2cb834b6e567fc4ed1a1cf67fc

SHA512
21497721f0a7a580d0eefd72fcd72d1b55f038b28c4bbaf8bdc569d37924ed64fcdbb4e787a284bd6f5c391d9ac1ffb1419d42bac71ee9c605a5f73d4c0a9ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
60bd962f4c28aff2f50ed72922388384

SHA1
218aee82bd293a40bc97d0b18a401c344ce400a8

SHA256
9b56a6b389f2a639f8c865f938bc651c869a5b3a7837a0342a1d5858f9c2fefa

SHA512
78f6dc47d811b28464edeca23d43bfa27816fa946c377fe4c8cb9657a99463f909a1377fef4f473a51fda4b11083fb31356edd2c8e4fa62313e51830dc91cae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a11040314f43d95ca0c169c9500cd56f

SHA1
67b1133230c92026ba6824cf68b45e7aa3029435

SHA256
c642ac0e69d8c10eff2ae61c7785faca56a634233da94497faea00babecf546d

SHA512
8358b1b11fa0e559de08defc1eecc617f9f1ee210948c3fb394a5fb34d94c131522d4de87d21c2bc01cafe5a58f357e3884a434b4faa65fa405e72af26e0d069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
724b21a82dbe60f2ca03cedc6e4a5e52

SHA1
162063d5b8b0c760f2bac5d373c278d223715122

SHA256
1464e6b7aa000874d508face05b1aab15a06e56e22f86ce72237463ea7c350d7

SHA512
98051f93b32e5abd7b15a68aba68529f235f8b7659b7b6b4e9f9f93b2899374202407d45156600afd7b7bebc205edda42026516193cfc0f05a449e319c70d789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
47ec1fa031ff97d41a2dd655a728bccd

SHA1
07bb0162c91248b148561ebc4dbee7e324f293a9

SHA256
5eb29da8135c6b4701dc310594f7494305a1b9241c0c409510a3b905af8c0377

SHA512
c2de58c1feb970bf0b2944cbcc27fb1ec38f6e971283c67af2256c1c16b2852c6233b99fe15e0fbb294c9912c0851bf7d1f387088c3eaaa4e2cf7bc8c77ef6d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dbe40966e80ae762f6e75ff7d3f08214

SHA1
cdf9dd48e3940ef22ebcca00cf4a99c9d50881cc

SHA256
115bcb72ff8cd9855e4aff43444c274de4c3d3edf42e37285b0207cdc519aa07

SHA512
e6dba9ca8211955ae40b6945b71ae9051f1f069838f073281add0fe0d9dc594066657e395670dffd7a27a0bbfeae9e6e42fa30d93ff8e69ab639c055e3aaa54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dbcc91df1dca202c52176cfc87b9a553

SHA1
26626079c423f9abe6bd0085d58c98f9fe6c76ac

SHA256
32227fc78bdd383181f1ccbf96e80b05b364aeba49e263219baf2e72dcfe2ad0

SHA512
658560ecaa24d71bf4b43bbd4ad15ba5e9b910a64f336f4d98d51833478b3f84b0afe5f49869b5b24ec2c5c27a25b205c00bdf79519462ef0e5876265be943af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5feb51af5e631b276e07228a4ebfd09c

SHA1
16c10d6914f968469a4c9c664b8589ea949a25cf

SHA256
6bc34fabfdfd10ada8fb4cd9e448b3b3a0d5522b3c4a4d5b751a6e62fce01c05

SHA512
1aa518a0beeb06f988b7fe7482e5e6cce191a1138b33792e00a185fe3b4f289151758f328c4c89cc440b28ca9f88ac3943b986fe9daf7dcaced806c65fd94225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de2b.TMP

Filesize
1KB

MD5
70c4f3e8af54e582b4d32cc642162d34

SHA1
e7991be024c09acf6c291ad3bea308f18eb30b1d

SHA256
222f56a2ceadffa6b95ec3842c797defec07594fd5b3c4a29d65e8274faeb086

SHA512
f65b54459efa6d707ad350444957e76ac577307efa1ce27694c2ab70473701938a42e60fedaf910abf03bcc13a6ce0ea447aa362c4575d0a602c7710adf3f129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6d5e097c11d01a52ebf39d9294da532e

SHA1
adb61b143401569a4d47e2cbc0c060ce11a607f1

SHA256
7538c57569181f8c70098177e70bb4c58318f8b06556c1c96132fe4f9c8906b1

SHA512
17ed9d0b6c31e9fe2a8810774704cee2638a18f61a3d731dc139fef4b7116bd50416c1a6a18af0aaa89ec2045683bf89484dcf60c735644cbaa5d65efb396ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a3a2e2c9-2263-4de2-982b-79b3c4e32b5c.tmp

Filesize
10KB

MD5
0ad9d1829e5fd89e433a18c59e212338

SHA1
381f648032ad7d9c94d5f4a92c0e7476654bac69

SHA256
357d66865108d3ef3c8203b8499e736ceab6af8f4f0794629ae94f01fdb659d7

SHA512
9adf705c3f4c37a07ae3ace27eb49870901c8075a5e1ba70a4b341be76cb4586b9c5aebefeebd14530c75a583c7cb17402b408409ed8ac436f1fe287967d0a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
136KB

MD5
66d7e41e43cc5a604c08c4ae37b9d358

SHA1
561eb2aa4c2a2db216145d0e59d444c02889362f

SHA256
2d620e4ebdb38b91429f2511a7f0f0581aa7c22fa5f0aa8b1f667b8afdf9aa2f

SHA512
1b9b05649e11c26794d77ab7c58181a3a294df9fab676d309b3c01ee0c873b077c23cd3a1e27e96b11b87decdd5a11d03f0b4b2b8af5e92cbe2fe3146d4a8632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
6b817c935b9b1c7f24448d68bf3971d6

SHA1
82f77821c68700ff6bb28a6d633ae9898611fd47

SHA256
9a882aabedc7090bac3a069120bd64f1cf156e52d506a69d25c37a13a42c0222

SHA512
011a58fb2a0aebfd15ce72cf79088836263c77f16f29e875b24246aa8a6b845ccebc3be0f9ee056cdea4f4541d8f3fac044f3e9749b0ab463a0ae613191e3294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
269KB

MD5
781ab0b5f417d80ca8ac9fd019704817

SHA1
ae8493b89084d793023bde98bfc205d6557efd1d

SHA256
e25ac1b6dfae28fc6dccc1780303b5b10e2e2813c4ea143cf7272a691ba332fa

SHA512
14112b9a9205abaffd4f441a5f2a6160e7badbeb6a9005e63a903a4f4cb32ca52ed051ce6c865020d004ca8691c27a011e1006c1394016750342f97707b17573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f4c70af007efc2fcd2125f81a8da6386

SHA1
90ac142ec92962ddeabf77d36548da6a6f837663

SHA256
2f3a036f1c87d347b18b74eae1e79d09d7ea6d84479b316c7ab45f140b8d75a9

SHA512
bbf53334bab71a5421529e359b3593a79c77d931452886a96a462816ab66d93d3d86b64db1421969f4632b7ad36b38e85679b799833319a986f9a6b878452fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
607d0488c0ad246fbccbac208f1a3248

SHA1
c5c8167f950420a42b89d343ef906180d439d390

SHA256
73dba154c930633b3066b2bbd00f2b2849e925b23096a5dbd85e22f9b0449571

SHA512
7a09c2364c44a00db4ef2d27c1c09255771b2e5f6a0fbb3b88708131883d56fb17997df425856597131fe4dc63090b8bf1751d879fd4b774bfce59dfdd765ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b00a6539a471c11ef0496eba7791ca37

SHA1
8ae7df3e9c9301c71569cf9c3f5879a43c2b4dff

SHA256
68431de477f1a03b65c9a1ec8ac925a6d143d119ef9e5fd0f3849d7f7dd8af95

SHA512
a22c0fcfe5c8ac4ee723084249ef95b3d04758d598c1cedcfefa3031aa0178bf4cb8cf217be7da915fc658778ccf27b9aba501658f72ba150f6b273f3ffd92a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8b4707c821d98e904cb52905b5bdfcd5

SHA1
da486fe11678fd206487d24b790d3be174c112b6

SHA256
0b131f00160c1be4d09c1576ba045c2291d96832e2bd54f973913d6316542e11

SHA512
498894d27e9b91ca0f91e3edb684a30e9b5b87576ae16088d158e6fe823ec3f6111de99c469e07ed1d5d2ee9a43263cb41a71231ee9167f3e5ee1f4c83d3f9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b72386ddd3168ce98eadd2d356369d0

SHA1
134007c262caba27ec16445e587408397bb0d60a

SHA256
49d0dd7ebd4ae28cb45b9b5e39794d35b83c494fc21c22cfdf379d4ec9f03cdb

SHA512
62a3b522d9c4a269a4063fec7caaa09f276d2ed073316799f127649e0cec7b0bf4e801fb4eedd610d85725b7ee7dd294230cb46a879e366c46cb2a22d68a285b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5731b88a3a97c84e6b5a783a011249c

SHA1
0ddfc76265670281677d9bd2127fc0709fcef6cc

SHA256
b288bca09f92ba27ca007f57703352fa180f9252fde2e4b73ac12df254b711a9

SHA512
fd0732eb31d41e68c97e1f59aac61a6e649ba381ae751fe66b461bfd41a13674ba10fd20a392b2ab8d5c6f5b59c8215e8f1028b0072105d144ae2c946bf4c5f7

Download Submit
memory/736-676-0x000000000ADA0000-0x000000000ADA1000-memory.dmp

Filesize
4KB

Download
memory/736-670-0x0000000000010000-0x0000000001248000-memory.dmp

Filesize
18.2MB

Download
memory/736-671-0x00000000013D0000-0x00000000013D1000-memory.dmp

Filesize
4KB

Download
memory/736-672-0x00000000013E0000-0x00000000013E1000-memory.dmp

Filesize
4KB

Download
memory/736-673-0x00000000013F0000-0x00000000013F1000-memory.dmp

Filesize
4KB

Download
memory/736-674-0x0000000003C10000-0x0000000003C11000-memory.dmp

Filesize
4KB

Download
memory/736-675-0x000000000AD90000-0x000000000AD91000-memory.dmp

Filesize
4KB

Download
memory/736-677-0x000000000ADB0000-0x000000000ADB1000-memory.dmp

Filesize
4KB

Download
memory/736-678-0x0000000000010000-0x0000000001248000-memory.dmp

Filesize
18.2MB

Download
memory/736-697-0x000000001D300000-0x000000001D55F000-memory.dmp

Filesize
2.4MB

Download