vidar | hxxps://github[.]com/Hira20/AquaDiscord?tab=readme-ov-file

Analysis

max time kernel
70s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Hira20/AquaDiscord?tab=readme-ov-file

Score

10^/10

vidar credential_access discovery stealer

Malware Config

Extracted

Family

vidar

https://t.me/asg7rd

https://steamcommunity.com/profiles/76561199794498376

Attributes

user_agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

Detect Vidar Stealer 16 IoCs

stealer

resource	yara_rule
behavioral1/memory/1044-241-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-270-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-271-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-318-0x0000000074F30000-0x000000007546A000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-325-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-326-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-332-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-333-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-506-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-665-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-663-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-666-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-668-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-669-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-673-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7
behavioral1/memory/1044-674-0x0000000002CA0000-0x0000000002FA0000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Downloads MZ/PE file

Uses browser remote debugging 2 TTPs 9 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
4804	chrome.exe
6000	chrome.exe
6028	msedge.exe
4076	msedge.exe
6108	chrome.exe
6068	chrome.exe
4352	msedge.exe
5904	msedge.exe
2256	msedge.exe

Loads dropped DLL 1 IoCs

pid	Process
1044	Installing.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Installing.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Installing.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Installing.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133749734485046191"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
460	msedge.exe
460	msedge.exe
3872	msedge.exe
3872	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
5352	msedge.exe
5352	msedge.exe
1044	Installing.exe
1044	Installing.exe
1044	Installing.exe
1044	Installing.exe
4804	chrome.exe
4804	chrome.exe
1044	Installing.exe
1044	Installing.exe
1044	Installing.exe
1044	Installing.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
5932	msedge.exe
5932	msedge.exe
4352	msedge.exe
4352	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe
Token: SeShutdownPrivilege	4804	chrome.exe
Token: SeCreatePagefilePrivilege	4804	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 1308	3872	msedge.exe	84
PID 3872 wrote to memory of 1308	3872	msedge.exe	84
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 4868	3872	msedge.exe	85
PID 3872 wrote to memory of 460	3872	msedge.exe	86
PID 3872 wrote to memory of 460	3872	msedge.exe	86
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87
PID 3872 wrote to memory of 4944	3872	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Hira20/AquaDiscord?tab=readme-ov-file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1624817252789241131,9948535897959656267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5516

C:\Users\Admin\Downloads\Release\Setup\Installing.exe
"C:\Users\Admin\Downloads\Release\Setup\Installing.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0xf4,0x130,0x7ffdbb04cc40,0x7ffdbb04cc4c,0x7ffdbb04cc58
    3⤵
    PID:1528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2008 /prefetch:2
    3⤵
    PID:5900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
    3⤵
    PID:5924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8
    3⤵
    PID:2284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3224,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4332,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    PID:940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
    3⤵
    PID:4224
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:8
    3⤵
    PID:5580
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4776,i,17447611845674091409,14204916253044551180,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:8
    3⤵
    PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
    3⤵
    PID:5332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:6028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:5904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:2840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:2916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2668 /prefetch:2
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3944 /prefetch:2
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:1068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3789450379824254805,6336211884965196058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2380 /prefetch:2
    3⤵
    PID:4832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\chrome.dll

Filesize
676KB

MD5
eda18948a989176f4eebb175ce806255

SHA1
ff22a3d5f5fb705137f233c36622c79eab995897

SHA256
81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4

SHA512
160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2355be18cf5694a3d3abb071896ae89a

SHA1
db0fd5ea86021a90c7b20696179508599ef94582

SHA256
feb215b8f57f74608fe1c3965c44032dae449e6e668d6fa30ed4578581511a45

SHA512
3c97a59a44c5de906aee941f6d6ec4df791dbdbbb898f5bea3b8470c8af33e9da1775873ea22a6dd53ae29e3e7d436121ebecfbda4aca2dfba788600afd82f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
418B

MD5
31fb5fec8855297ae61dd385a0c58b85

SHA1
9a5f1a42de9b2c57f8473b88b5aaf237854020e6

SHA256
3987addaa62e6cf0e864a9c0a0560b317f0ea103074ebc91e461bd5b70a0d6fb

SHA512
88cf021216c9f7e540fbd790fa2abbaad1480389176dc8360af7d7cb5014d45d26354a06d163899192c7b629a7154315e7882922fdbb88662461f30e5418c5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\0ae99d9f-df1e-4362-a3ac-2d32e5ac76bd.dmp

Filesize
892KB

MD5
22e7e9e568cf3fe3cdc5557df3d21e5d

SHA1
b272a8b16aab29cbab1c7ba84e93285d8dba2608

SHA256
89501c78aab99fb1c8d8e3ccdda61461d5bab6677e690a7f8581bc5ccab5776c

SHA512
3ae51eea251842c0368adf8cff7ca5f13fa1519b340fed868ebbc0a22e4de9832be04ef47ea518df0bac4499498c03f9e1a19efdd76881b4b304389ae40c8098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\1aa1082e-f1a1-4d8d-9e17-5be650dae5a3.dmp

Filesize
884KB

MD5
9f57649fb409b2a6055ad8db7864876d

SHA1
38c262d1510b51bd2e379cbee0716ea92fcb8c9f

SHA256
cc44562dba7ac36070fe211064dcc30fcf0bfac99ac696d7c333ca91ba2ee87c

SHA512
e2658127a8532e59227e1764b569fcb69a1b156ba74a602a5134fdcbd97e4f8c1c3c1c157ea232473f6027dd62182f7df41f7cf75e2ee3217aa73efedba05d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6484b83d-fd18-406f-ae56-04f19d2defd2.dmp

Filesize
892KB

MD5
de1aa1a5790f463ce1feed6f9252eb75

SHA1
1873cd1178c23ca6f8cad02c23e57b08ee207e62

SHA256
788fd5b8afb66b742e86e4f5f45eabd4e4c9107809d84b6bc2fcc776a75054b1

SHA512
b4ae722420ab6bc6e6785fd20e7b82117f107c4fec88fa85b98e8be2bd42b7064d923f427ec5748e6e0623a3f29ea76adcab519ce355e34826aa90c916208eb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\7b5ab287-7d43-4bbc-9a9e-185f649b01ad.dmp

Filesize
892KB

MD5
3b5fecc03e114293ba060a7f8471cb33

SHA1
42e01b21019ad0980a14c96bae38c348f71b3667

SHA256
6ac5f2952251b65d4680012483a0b7e1619c1edbbf86405ca36e4f945fcfd611

SHA512
85c8dd1ca2cc28fe78e4473382f0a8eafe9a75d2e056ffcb778c23462299f4dc55d9723e26800ae33ba73fe3f5a220df19b3e6781533c3cdd022b5d7d9b06dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a6f033ba-dad5-4e6b-adec-42c837301e57.dmp

Filesize
884KB

MD5
3fe0365b95a2ede2657f1fdae5829a0f

SHA1
a4fb4f90055c7daa66e353cd2ab37c39d8f06f4d

SHA256
18f75904b20e5e280372e7d56a9ace2f7eab036039851ba3bb6e100051f37824

SHA512
781907f96183d3b166f6c9795f5111e7bc59c4025496e564d8752ad38579f31c93140a0d4815f3eb582cc2ad7f10a441c2bd70bcdb9be29170e0ec0c2e50040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ba02a7e4-cbd9-4e15-ad9b-9b768376068c.dmp

Filesize
888KB

MD5
6df2706d9bf4afb6a20ad19368ea4636

SHA1
001ff8f56127bb7c5712a83fc062404a9b879afb

SHA256
be0644048c65b70fd8363be0e31c69068d85eb0998e887bec678a813f9d8d83d

SHA512
712e1298653c39d2ce1dc1062b859f8e682e216eb47ea0543c1a51a9de7d62a042b2296b1de51ca9cdf221974eccb4f1045026b89346c9330ca95fcc41aeb1bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1041b17fe76b2683ed91e32230a8a8a3

SHA1
3846a20b43edbced681ffa6d64883bce38615682

SHA256
73e546d36485636ad0791fb4eba0871499e09348de3d8d0d3bd8c0ea8140a705

SHA512
0c6437afdb1244f69976f7030c8d293cbe0b4c7a9baa2b3da1255019e1e29996534dac0b1a8f6819e6e979b9e365e387081495b96ad0eff794bd24970d00d211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
115277819d277d50eedbb6885c3ea329

SHA1
5289a784ed1407718b337425a7ee8f2244ada377

SHA256
fb435a00b429037d6b293b2c197e45fb9d679cf583e484015eb66e14f268bdf1

SHA512
9e4c4568182b5b5d3cb2c444c0dc2dbc735c84830912aa759fcb2f908afef1bacb62ac0765d54fdadb1783e04c1546f2aa35a5254a1189af2e102136ec761e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a36030ab0227380c2b9404c2b1993672

SHA1
947b65ba02eea16a13a0372a27a20605b27d8b53

SHA256
0a43b78f90b23ca4ca9aec49f3670a89239f900423829034fffd3ba80e82c545

SHA512
774a9609f0878f7b0fd55cb7d8ae4b657953944020ac9df2173b1dc5a5e5138a705e010a70f464e33edab828724dbd70c378407661551b6738b8edc55c0b5d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e86b77b574e14aa1ebb5d37fefaa788

SHA1
5121c9d3120babacf73ad4f25a247985f3a19beb

SHA256
6013ede3c77ae599b0759e718c5e3fd822a3aa8595eae0df16f3ad1faf332b91

SHA512
74ef433713d5c8d6642dd8bdf66e9e264e97ee584479a1765b2c41e8b8a5b963c46f2cabb5546cbd310400d36a01675d1cf8130e50c766cacb5a3140d5d32143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93741f72-e01a-495d-ba84-bdbf7aa8c4cf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4bf71aa2210de6e841c41138583d0228

SHA1
ea5f67532062c1524ee461fa363de4930131531f

SHA256
8dda18c7926bf6bc42e59fa68d05ed6e7d26bd9b1a7ed1ce40f8dd1a9de1ab80

SHA512
fa9c13bb3032b939c04e9c372d6326516a1fc86e58c1931df86a53896c4dbfa435b4da91aa552ffb190430ec3226d27cac4f260cdc2a0ed5942e6a1f9e33e588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f348c1f34ab6d4c7ecb9f332c9188806

SHA1
0a38809734dea6d605e3ce710c6a36f6ca4a5bfa

SHA256
9db6e0bde8f2c2c1565b8375e89ffd4055afb01dc3152c1065284174586dd581

SHA512
87aeac3c6a3117659c4a3200e7be496e04d655cebe1670046acdd26dd0298e43e0c77ca0a333013d2d13e88dbcb0de3d4e70081f84c4d77888e2e13dc42a66c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
f1b91c8e2297dc887349787ebb35931f

SHA1
2e0bc8832d5390a41a6693b1ffbf40fb7cb63d36

SHA256
3c13ded1d58e958b4ba7630c54339a86af86c9b5567807518290a130ad34484c

SHA512
7183024fe1af4d705f5b099741cfb6cc9f15159a435b7eace37304bac88e48b96a91f724d5079330c26ef16e8208adea22c64f8d601938140410ab63fecbdebb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
10ffb080d7c69bbdd41dbc2e71ddcded

SHA1
1a20ce99207ad2622c1ac3e4fe325216ace2581e

SHA256
ac358372ce29c4f35d0f4636be249d6fd12ef80d9b6524246020b4b9adeda7e2

SHA512
68ac5de7e5e0530cd3bf455aa15c403e0f04e5398049bfabfa7f47e1cf579ceddc300cc32750891a6d1a651640f787f61567eae4c37163f47b911ea353596431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
90a5bbd89b2235b91b0b08f941996168

SHA1
b347165a3f36d3d3441c5dc02beaf7e7f6030855

SHA256
a6d229442186a996d7a2aa03b47ee1a064415abd4ed712a85a699c76cb0081b7

SHA512
a5a67184111d45516f023ad89fd293138572c89cba49f160b78b2ff4c4793504a977f7b6cbe75f8413fb506ab461d1b2b51c86a8e8580d1c9301314f0e695824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
2c1eb24b8878ca427978025c720857b5

SHA1
6f4a967b8d3e89902cd9532d8250bad602d3da22

SHA256
e15834f6fe1b9496150a4b00393f51e55e6ae16bd55e3e03edd4886968266a04

SHA512
93993664b08534884f8c48c550bca7191932afc0ef287b3bc6de76fc98c035d046c1d09a6c1f00ebe910185410fca63a16546bc7be1d00ce35bade2291bca925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d646b3037d4f36a5251070d3834b624f

SHA1
efeb959206d8a0b9dd344f7667297a160147de3d

SHA256
6fabe52f3e70bdad2bcc758812e92870ce6a69c2657261de985595e36007b987

SHA512
572675e3f74960a0e094ab18a6514005668c25f053ed70e91790f624e9c8350a1343519c5360b323e0f02616f6dbb47bf7953790916900db4dffe1c920d110da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
db4fd3059873e84af324fc29f1415b2c

SHA1
2758ed07f1c32733a9a63cabfc5b10f3029ef67d

SHA256
3934710841a5736243a2276aa520725a89d034a3025a8bb8ca714324bf51bb4d

SHA512
a7dc79f829d472508ff2acad551deca6a88ba2121a266fc7b9ffdcc88f1b78580138e5c77d05b494d9f79fab89ed162cb01311765a6e83f63dac9888ed24ed51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e5c71bae6b4bdce4e046b0c7136f8943

SHA1
47a22f558a3afab205e06d5749199013e14817b0

SHA256
7fb6d1b5eb1a6d7cea5af8d6418f439c19a4e150a32d7a61cc3aa43cf9ea76b9

SHA512
caa9af21a55e717d591f47feb3725707b2f1b2ff7de66f4ab8f9eba22302ed5b7163334df3083e06a5c875b233b8129de9804119eff12b3ec7fa4fda9e0ce294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
13KB

MD5
b83a339d62ff73300521388f255e870a

SHA1
6d559960e1b1946920b177b8069b570a323f2884

SHA256
3855a0193158e161bc6a578adacfd5f3f6b94c10bc290d2dcfae7ee237159543

SHA512
7061ff0fe94e822dacfd6ec12df6d14303ea799e97b943be93754eb18fba14f0baec56d3b70f029e90c03b00d186d4d97547a0d2b9571276051962400d94b767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
1aa56dce05e8e6242f49375278d2f9f3

SHA1
b2b170c0f5bbf09961414e094a1524062aca87cb

SHA256
32e456fdad2f510a768ff2cfcc92706e52a123922a1cf210daa3864627ac5519

SHA512
1b1ec7f432f26658fd92adf28c01c999adfd895bf0a69cecfbe309e76093b14a9e8ba26592b8e8e80d21d5f17b196889e66db5ab24a5573fc62ea54f66fb07fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
114547d26c2ba1481d67c1b7cdb6a95b

SHA1
275f3cdbd81607c3436e42958a68a93dac55fbfc

SHA256
eb8a518d39f81c9cb1b3af49329cc96c77d1e03c995755a085817d7602e26be8

SHA512
f61383ff74962f2cfebe50df3033cf39c5ea051fb59b11aa4608852284522544337a5b84883596e314d3b647d4f925ef8d8c8fb120185024f4e036c7dd301836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ddf1443e8315de84474039a0280172c

SHA1
8fb28bc58234e9cfe14558ce8664be7eabd94849

SHA256
13f70e96868da5248335f9e8d240adebe53b6a1e22c2474bb5c6d86e043596f1

SHA512
26132afb6c3b63f5bd47f7cf40f46133c9c07562d22339372cbb460d0334f03234acaf30a0efc9e9d56354347be368a8c4ee437ed351318f27d98bb6dcaa9724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c41c8cd4906628efd841a3c068e5583b

SHA1
881e966b95fb80ca2faefb0bad4bea47cc47c269

SHA256
2166d2d7f6bc6f1d307a661a22b61eccaf00af2e42996e873293d6e94d77b83b

SHA512
198ef2dff6c0ccd925cfb10a1dd703c62904b1ee0dfe8a104896e384efcaf060783b77cb37de70113bd7c9b17815a59a80de758caf4b76e8495600908bbf16bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4b0474ff8749718eb8083db8eb6a5ff

SHA1
2ec5123b01af3458d438ae71519a8955e7aa4fe5

SHA256
bfde5347d2b885f209acd5527205713fc605920d4b57d5b621a92b5d83e0ea65

SHA512
9cb13e7092158cf0205f0910225864f71283af5c16545fbc04679412225b1dd4d3bf8abb559f4808867f75ac11e36d893053ab47a6e7dd29ecdd814f262646b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fbe71b249421d9d01a37111461a4648

SHA1
ea58bcccb643a0a687338533e2e2b7a70f4d5ca1

SHA256
f33df46a38fe449a92ff64bcff724ed7958b1c520f515b845d61d8d44c32374e

SHA512
a08c8d4a2565dd4d9b1f7c735c4fa5e47a01e7e64d23a443e1a22cc1bde596553728300e8c0664eeff5929eb3629955ad1e10697182b5a957225953292d486cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374973399220259

Filesize
10KB

MD5
560c0e2e3ac68ac83ace3f44fb0a4f25

SHA1
bcca0a9a4453bda31f47d9400b883b223d06028f

SHA256
3b4ff95ea571f47e0a6029492ca936ae973ee98b23487a8192eb9c4e22c48cb0

SHA512
040101cf05d9820a4e9a4343f236d2d21dac8209cf8399292e6ecd30770aea40797c53153c4cfce9dd13f353e1bfdf0b79296c1cbd93db6e213a5a3bd279cb51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13374973399367259

Filesize
933B

MD5
e64c12bc5b8db50a21e3b001d6801a40

SHA1
145bb4cb4634393b5cd9df3e3cd6c8a4322cbbb0

SHA256
db3b7c583b7f558341ddca5790b4bf4737fda76f35777f337ce1bb4844bbad7d

SHA512
2f50b7f65205ebd3a83b04df1c4aee0de427af652dd61a06916b34ec7dc9c88325b400d2b5aa3834e1a9dfd182779d3708aeb25d8177dd1ef57a96b65e3df5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0481351e2ee4332994e231b079c1e875

SHA1
08f80bb7bdd9c9aff3cb9ae8ffc9915ee1d7ce7c

SHA256
9c75468b090526441d08dd5718e42ec39a8caacbdd3c54060498733c57bef266

SHA512
e9f3ca8899eb531ed04847c9b836855a40531e9a1efe6be4dfafc082601c4b85e42eb30bc1ab450f3bb93eb2d63f2d732f4c0737d7e4c5931e20480d1292c5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d5e451e8ce64f14d75c7e0634229904b

SHA1
aaaef20f00387beb56336501ee7bb669d13de864

SHA256
0d47784afc916ad736569395901800808ad42cea1fa6e7828f60ccf183f68eda

SHA512
4655fa61f2cbc18588e7d5a2c7db2430e1178af5ed705cae6eea57be2df71f26ec21daa5c5d033b80ab44d5433e6329bb171a79b24dca7e84d5a2bfb309efa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ae605bc476d5ae5236330b297a0d865

SHA1
9a8bca4f3dca1144ed3dbcd991b929ce24679061

SHA256
7f87e0d5684b7b0ba6015c7fc3eae38f7647fba78a8d4e4c43195279fa35c353

SHA512
b12c13967e13ccf3dfea7c267909d42c53758f27c564cf6244be9c07680f5e28c9fea1c8b0e4460456b9eb077cd189312ec300662053fdf2127f714e209eaca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6a7.TMP

Filesize
1KB

MD5
a63578abdecc3d04c955182aa4123b13

SHA1
92fab84bded051d87859ecd596f9bdebe66d3fe5

SHA256
9733f08c350c07c396a46a70a7a83a7a423d35a2d3ccb5506c501c0bbadf1f5b

SHA512
c4e86fe4d288c48c263a0ec56c5a565394d6561046493bc43254b3e108bee00d84f4067efaeb68bb7fe617da2060d0e6537a09fbdb827f8f15ef8cf39e173903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b09924bc8a4854bd086d1c3509855098

SHA1
d2bcf98316b453a6894d9be5a9cbf1841b5fcb2d

SHA256
512e50a8f199c3db6b0fbb620b6d427f38b13bb747bd6756eeaa1be9ea78d26f

SHA512
c3e4ed09c1a3b18870084eaf1b68448506d702973549022ccd1e65c495a7033737b989a8fd048580feddc091ed21f4c3688b07e2b3940f2df409b7bb9d180dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.7MB

MD5
f153b2a0593b42642ab6448a4d41be53

SHA1
23241ff6e8c559926e7c9c5e70fe434c32bbd861

SHA256
11024803823bc02c8f58243c90f07d56383aebfe175c18b0d848d934bb95ec00

SHA512
68310c23a055cd216940132c3d3002dfbca641cc7dbbb0354ee984abbf8b91470a56b41f0c8d2b6b329382947900661e7822b49bb85eae72140919521f46f05d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
23KB

MD5
81a1e9eccd7671a8b992c9fbc2baec27

SHA1
cee7698176e8bf2345b153362138677b6dfa2057

SHA256
59bfe82bf6bf1c92adfaf45819839cfe73494a8a95865b0b42b432165e087290

SHA512
ec622f8e4153c38a4566fc79c3a665774c4d4ffd37aedf0adfa90923ea8434d0df4fa75e8d00d88a61a11904537b196548856b7a5a3969c7bae8a628fbeeb86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
76730594e202f0a3152b7cb9796f209f

SHA1
21bfd4f7e8ce0b3c8a49c18df55ec2ce686f412d

SHA256
67302a827ffabd94edf7360de23a2d70485b7027e3b991195985137c66c96548

SHA512
12f4827b897a35ff654e8a4570cd07213b8837ed252a12b5cad769509dad2d13eb37b6baf1cfb67bafce701e18c38faa49db5a7684b804d297c070aa6b69692c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
95887ab6548fc3b7b08863210467e600

SHA1
f30780dd5128ef19250194ce0e3a509c1d73399c

SHA256
31eb1bf890fcf87ef9564e59d74d77d7f10544f95ea2e2d4be94105d6539534f

SHA512
5b29c2b19b0cb63558e187a68998b4aae0910c60c446f7d249ae138bda701cf2c28f6364193f8992f403ec8f8c7437d1ad5bb07f757f3c15fe14c180aecec77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f50670a5b18412aaaceb06ffc4015d8d

SHA1
8b6849f1f2b45cdb56e517aaa35416f4e1796610

SHA256
f6ddacb8f55da3752e43c14d72c2cf8ae0a540c79482735fce3c44809edd1756

SHA512
41ebeca4d8f50c1f3e9e4e68e81522a14d87fdbba55fe12752031e6021460d360fc9a0fc456e59be2fcc4c4cec97368202aca7bb2c77da54e8b5ee16003f4d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9c46001ac069aeb1dd4e46673cae8b2

SHA1
02c9bcd1d1386caae366dec660c1f2f3e6ea1fc4

SHA256
dbf5495a961d7a2fa748b7111f9dfde04e5bfd82d9b5cb598cee617b94447d23

SHA512
5da4f152c7c5de119a70b56a970ec3aa6e241c59e5fea705ccb99823b97571361a2a6d98b1bc4e61885862222ccb7625daf0208feb18af537dbf9b560978ebcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fea386c50d581573d1c256450315d12c

SHA1
2bca6044b6462bebc79a6d6d5edbb36a7b181b14

SHA256
a5bfd0e52826ef9cae21e5d4ff09a283841891780fb307f754680548de2e2440

SHA512
fbffb617f61cc402b8170dbf844fe6dad2f096aaeaa6b123cff6b74e5ea9ebb7f301902ead9fe3bd008fb2d0fd957a984006c1bc3b5d8b834400238392601965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4e78125ea07964d3030bbd15822ff70

SHA1
1cb263fea2763b11ee921e1829465231e6dd110b

SHA256
f9aac61a7e81f0053653fe4ee5c6fa0a4b00d1ce55268e9c76a734c4df9dd0f1

SHA512
c43a9f05be32a22b69a28f08ec680ea3bedd3d62d500483c347e4208a8e7ba1d13f727a90aab3fae370e1c601b120b0cc527d12b8e0ba044c13f8b75b28156bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
78cd88920c19c66e284583f3679ee93c

SHA1
8173354f36c9cb4d5a78ebeb2ab62952922d9ca5

SHA256
ecfaf3f6416f70af4890f4238677c47f025e80b3f0e8457c0f5fd99db9016430

SHA512
bd6bb02cb0d0e8c2484d36cbe8c238d094021efc44ac3088af31d82132189194a084ff83aa002ae7f223a16e7d5af876f46f4be93d63277b174d3279d24fd08d

Download Submit
memory/1044-240-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-270-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-318-0x0000000074F30000-0x000000007546A000-memory.dmp

Filesize
5.2MB

Download
memory/1044-317-0x0000000000AE0000-0x0000000000D56000-memory.dmp

Filesize
2.5MB

Download
memory/1044-326-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-241-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-332-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-506-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-271-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-325-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-272-0x0000000010000000-0x000000001025F000-memory.dmp

Filesize
2.4MB

Download
memory/1044-333-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-665-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-663-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-666-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-668-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-669-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-673-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download
memory/1044-674-0x0000000002CA0000-0x0000000002FA0000-memory.dmp

Filesize
3.0MB

Download