44caliber | 077208157453c61a8e0e0595da78aaffac3731f594918cc0b7c2e75016b17812

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 14:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Insidious.exe
Size

303KB
MD5

76479a85ccdb095400ce6f8e49f6f96c
SHA1

dfec26827b24892ba64c748bedfc48b8f83723fa
SHA256

077208157453c61a8e0e0595da78aaffac3731f594918cc0b7c2e75016b17812
SHA512

b77c51a9e24fc06384ed38dcff109a37e95076ccc80bc7a041e75f400ebca77a3cadab207df1f3048bd28193ed9425e3a4ce347f1da7adb3fb30b2d27f28e41e
SSDEEP

6144:Cb4T6MDdbICydeBrdcQG3yf51+/wjmA1D0phr:CbGhcQG3yB1aK1D8r

Score

10^/10

44caliber discovery spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1300845993885171797/d6XLWleeGXHsZqUyCp-qA8LBbM-bHv706qhOGiaznpjmNKEE5oNNgdQn4SftKZB758x_

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
44Caliber family
44caliber
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	freegeoip.app
4	freegeoip.app

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4264	Insidious.exe
4264	Insidious.exe
4264	Insidious.exe
5244	msedge.exe
5244	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4264	Insidious.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3656 wrote to memory of 1704	3656	msedge.exe	111
PID 3656 wrote to memory of 1704	3656	msedge.exe	111
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5232	3656	msedge.exe	112
PID 3656 wrote to memory of 5244	3656	msedge.exe	113
PID 3656 wrote to memory of 5244	3656	msedge.exe	113
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114
PID 3656 wrote to memory of 5308	3656	msedge.exe	114

C:\Users\Admin\AppData\Local\Temp\Insidious.exe
"C:\Users\Admin\AppData\Local\Temp\Insidious.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb39fe352h568ch41ebh8dcdh5741fe9c7549
1⤵
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffd9ac46f8,0x7fffd9ac4708,0x7fffd9ac4718
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,14159072244033764004,10822697069689259859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,14159072244033764004,10822697069689259859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,14159072244033764004,10822697069689259859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb2ac463eh1d41h4849h9989hedaf47089dd3
1⤵
PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd9ac46f8,0x7fffd9ac4708,0x7fffd9ac4718
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10828887666350673272,5660681115405769661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10828887666350673272,5660681115405769661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10828887666350673272,5660681115405769661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:5884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1308673bh8835h4c88h8aebhda2eb7755723
1⤵
PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd9ac46f8,0x7fffd9ac4708,0x7fffd9ac4718
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1519006680634345318,66836563719310526,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1519006680634345318,66836563719310526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1519006680634345318,66836563719310526,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:5172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b779714ab59798774fbf39a70ffe7277

SHA1
ff4d214612ae50f9c3bfe00b778b4832f2bf45cc

SHA256
3932a325c2432b4d752da45a82d2fde3eafe58cc923340f902bcffbc219c6362

SHA512
454741c2f05821dfa5be4e8472210bc2a4b306ab2d3ed552aca34e60507cbf976e9995db4144e3b5cb5ed1931a523f2d22c6345a094265ba0d522ac82f7f17b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4255cae88563058c7eaed69088da0ab2

SHA1
2bcb70f6ae6ae0207a7a964422cac20c80b26394

SHA256
b0cb92f0d6e6cb20ace15d6bf06015570aee24c0d06a8102200dfd3cf4118a15

SHA512
cb41c1797e6d6c5a70d9045e0319ac92512deeb4d4280a1d9a607c2a4031db6027a050633b95fadce63f6f7513ba599f336182b6ce50a0cfbc44360723c461eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
806d271b63c2bc170813afa83e15671b

SHA1
b0a5d4f3e2094a99e402438f3ff4e153a7cb7453

SHA256
8c36754533e755375f987fe74c3499ba8f6044af05b416dded069e37f72d405e

SHA512
eb793dc197be47854473bd49ff09902e390562c182d87a670dcd7999f512fe4c090452dcb93a8bf7a4b8eb031de94f2e399dba802ca33f8764eea256eb5e805c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7fe2bbdc-735d-4831-8504-3a361bf68009.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
865efcaf0b9688e3f01ff68cac6461f0

SHA1
87bcbefe97f8bc01ecb369a2c5569afc185794e3

SHA256
bdf9e22bcf62bc59eac188dd0c868266f52d7fa19dc850e25aa0e3ebaeaa1998

SHA512
93b7b0b0e1fc11365c9d337c0e9afb754616e8817549215c769fcad966d7c8c1f4c744904eb1de620e6a7091d46df0111597a712b46b633a7172dfa8d26297fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
423411c6354c44abfd8b44b86c670d71

SHA1
c95586b6749957e372ca1d8772ae512d6f3acde7

SHA256
c8f760445c382e83c704dfd3b0713ac3063ff86bdf92992c823770f553e6028c

SHA512
63c2f4981f341036cdb32f8532ff860c56c2081a41c32691756165aa3fabcaba72dd7a6f479a59b56f93104a29d21ceebf91f599de89ec6e4df099a36c1b34a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
04da9a28c934048812a59dddf0aba672

SHA1
193988331bbeeed2a48dde44d72b77bf226b0960

SHA256
c76670c675dff023961ae4d1f4058897ce246b85a599f08371f62cbc3f35930c

SHA512
5c6c907985e4ddb1bbb8e837d749f698ee7a6d90df9e12c220b69c83aa19b3821390de2dbeeb8f39b12f1d46f9f289c01ad816601a9986825e62bb8fd6c8f437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
fdd81297b97fa382e4175c8950449f13

SHA1
40d2a6fd6c82bde97930f2cda5a6dabc23929925

SHA256
de9276f6b5ef0aea6aab50dd3f3cdf372c623880d9f310598a96c0b2feb7e9c9

SHA512
d7e16992c051f8d321a597feaa6fce7cd23ab183571c23031cfa9d8c7ea3567d2d8470341f314a776d5031305dc1d58130739bfd2415eb9c086047b6c78d56b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
bbbdf774cb38ee9e87a59f98669255b3

SHA1
0ef5c9511d64be683a0f2dc304fb0edda0550993

SHA256
ca3d0e8735eaa1358565039f441c6f31329499a80cb13ec0f9077ca964f25500

SHA512
7763eb167deb365252ddb33f12556b3011a407b343c136ad5dedfe7d7477d901f25764e3c16b4a41166da578a0fc6ee6d650dc34f2bc3a5ec660b3412b317f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
254663b5df1544e9990c5c743b3cd526

SHA1
e46cd0d42e60dd540b31d0e96780adb019f9a4a2

SHA256
7cd3da8a74b6bac066720717cdf17b4798603ad6598420bde6243aca619313d5

SHA512
32c42103faf9ffbd949e6afbbe5299f345e48285a0142643127d9aa76ccd3b1bd08877232086b84882c270365eca4e81ab71059b01915905313c60d4bfc15da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
bdddad8ea6c07cb3ddfc5ad62f34e4f1

SHA1
655bfadbf509569e8c0f741bf320fb5481bc9e27

SHA256
6538d8ba288889a71a1a01c3a5650300e1bd028061481f4d6323d2aaea7eae28

SHA512
0006c61ca5281af927625354d6d3a6a62c55fc0ada8b46cef39fe0762acd8ce5e163334fb490ca609f8662e3693ccc72214587ae6c8c7c262f5e20b2b86e5cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
2dae902c5812f4b9ac735b77dc149e16

SHA1
a3dd83908697895bbd0682f31af5bd871d4eff09

SHA256
90e3f7e19347cd3047017b27132f781fe7e291da5166eb235b5130fed8eef70e

SHA512
a38480b89afe0aa94f8ff0e68a342775a5a5c6466a26fc734f34ff8df889a584deb73ab8bd094379e7999959580c9083e4b5b812f0afe6f45c471f3ed2e952ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
653c4b5ae6fd79eea47973953f217cc6

SHA1
17d12c48d60bfa8e60d6dfbda6ae91a9de42cb74

SHA256
175ddd84ce3f42e4c10916078d814f78a25cff120348f1ceee12e1bbf9741096

SHA512
17bdb9360499ee7a5cc33e86778fdb755a800af1eef963fef52e37afe835b6a83d626768d2a36312b948a8864ed9a02e7d0cbb2aa0edcfe31b17c6e12c507ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/4264-0-0x000001B92FB10000-0x000001B92FB62000-memory.dmp

Filesize
328KB

Download
memory/4264-1-0x00007FFFF6F30000-0x00007FFFF703B000-memory.dmp

Filesize
1.0MB

Download