Overview

overview

10

Static

static

3

XToolUnlock.zip

windows11-21h2-x64

8

XToolUnlock_v2.9.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    132s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    30/03/2025, 19:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XToolUnlock_v2.9.exe

  • Size

    634KB

  • MD5

    93adf8065f0c98800caaa0c04643086d

  • SHA1

    1d9155ca4e97cd715a2053e98578bc3c41e144dd

  • SHA256

    93333cc84d80767f88528b50cd5f563a7fc2626e0817ab9a666df733dd51d369

  • SHA512

    6253872a445477fff892ba37f51aa44e655a7f61dc8ee8e9242911b8c2e9dac105234681255cdf82526239bfc582e8205f8aa9fb7e6a94b4cf2bf696dd26524b

  • SSDEEP

    12288:SaQ9+ICJkAp0mBpehM8ppy+E4J/aDQy5b4WeZGl/GtWV3OH2JrZwIRlUR:Kw4GBpehMjcuP5b4Fty3pZwglUR

Score
10/10
vidar286abd424eeeb855a080435369086f7fcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

13.3

Botnet

286abd424eeeb855a080435369086f7f

C2

https://t.me/lw25chm

https://steamcommunity.com/profiles/76561199839170361
Attributes
  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0

Signatures

  • Detect Vidar Stealer 34 IoCs
    stealer
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Uses browser remote debugging 2 TTPs 8 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    defense_evasion
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XToolUnlock_v2.9.exe
    "C:\Users\Admin\AppData\Local\Temp\XToolUnlock_v2.9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5784
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4160
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5946dcf8,0x7ffd5946dd04,0x7ffd5946dd10
          4⤵
            PID:4976
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1964 /prefetch:2
            4⤵
              PID:4948
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1484,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2244 /prefetch:11
              4⤵
                PID:4396
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2560 /prefetch:13
                4⤵
                  PID:4404
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3240,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3288 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:4640
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3324 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:408
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4332 /prefetch:9
                  4⤵
                  • Uses browser remote debugging
                  PID:5124
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4772 /prefetch:1
                  4⤵
                  • Uses browser remote debugging
                  PID:5600
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4796,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4908 /prefetch:14
                  4⤵
                    PID:2976
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4972,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4976 /prefetch:14
                    4⤵
                      PID:2884
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5356,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4304 /prefetch:14
                      4⤵
                        PID:6136
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5424,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5432 /prefetch:14
                        4⤵
                          PID:1468
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4304,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5624 /prefetch:14
                          4⤵
                            PID:3124
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5300,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5480 /prefetch:14
                            4⤵
                              PID:5828
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5472 /prefetch:14
                              4⤵
                                PID:1584
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5700,i,1167203049076703766,12028590418619817479,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5684 /prefetch:14
                                4⤵
                                  PID:5592
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                3⤵
                                • Uses browser remote debugging
                                • Drops file in Windows directory
                                • Enumerates system info in registry
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                PID:3732
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ffd5944f208,0x7ffd5944f214,0x7ffd5944f220
                                  4⤵
                                    PID:924
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,7361111930439684072,9334540924988092590,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:11
                                    4⤵
                                      PID:5068
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1952,i,7361111930439684072,9334540924988092590,262144 --variations-seed-version --mojo-platform-channel-handle=1940 /prefetch:2
                                      4⤵
                                        PID:2444
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,7361111930439684072,9334540924988092590,262144 --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:13
                                        4⤵
                                          PID:3048
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3424,i,7361111930439684072,9334540924988092590,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
                                          4⤵
                                          • Uses browser remote debugging
                                          PID:1468
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,7361111930439684072,9334540924988092590,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
                                          4⤵
                                          • Uses browser remote debugging
                                          PID:5668
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\ozm7y" & exit
                                        3⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:5360
                                        • C:\Windows\SysWOW64\timeout.exe
                                          timeout /t 11
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          • Delays execution with timeout.exe
                                          PID:4532
                                  • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                    1⤵
                                      PID:756
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                      1⤵
                                        PID:956
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                        1⤵
                                          PID:2424

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\ProgramData\ozm7y\mo89zu
                                          Filesize

                                          288KB

                                          MD5

                                          def0cf75a6be0859b6f4ddea8126e46f

                                          SHA1

                                          60071b430ef7a9dcffdf42f602c8d24920b2dc87

                                          SHA256

                                          5c6def654b88384e314eacb97ce59bdc42be9ee6db2ea373a0e07d41f8e0b9a3

                                          SHA512

                                          9a3e866adc5f39f8a551552a61d59905186b01d1abff6945ce23d67527a68996b58c927366fe0d0846bbf1eb229ccc37bcb93dd6a86474bf307319ce3df7ce4d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                          Filesize

                                          649B

                                          MD5

                                          c31e4a4b151c607010e279486e89cebd

                                          SHA1

                                          af94f3e4a13e95b96f35bd2dc491f020ed21f52b

                                          SHA256

                                          42fab4a02526daaf981e8b6fb8fa88c66ec34c45a8500ab84ea934fe9ce70a6c

                                          SHA512

                                          75d6eb52938c1778dc114b952ce74de70e271586b33cfcbe69f465f3e9e42a37532ebabee8a70ebcc01f3940393fc6d010e50cfdb1278650cccbde4ae03f389d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                          Filesize

                                          80KB

                                          MD5

                                          231ef0bbffd8ee6615354253f0c781ac

                                          SHA1

                                          3474c1dd3ebf075592e173c250e6a609b9db679b

                                          SHA256

                                          3e70eb0c539deac88bbab0a5edaa359683574becd29252b65442b4882ca16742

                                          SHA512

                                          793ef0adff2675037c0f5deb0202b082ecec6b0699b5b95767ab4677322eb6eeebf362ca6653dd608ba6e8fd8549b337f235caa8eaa9fb5b8646d6b05df20799

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          280B

                                          MD5

                                          ae987eb15fd5136f2fa707a7b1f18abb

                                          SHA1

                                          bc4aa67ba8692031bfead4b653fc6fefaee3dbbb

                                          SHA256

                                          f5e0e4ee660e95e1c4f64d5aa134aacf9f7fa1a9b9cfaad10f5b57b24d331d1e

                                          SHA512

                                          fb98d55c498ab80b1f7886b56d0e652e648666bfb13c61c20d495dfb9f2e473e24821efc48f103fb0705e199e56b3e23a0bca82c0296d690104eb0d79032c0f0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\219b37d6-b9a0-4d6c-b0c5-9475d2ccf147.tmp
                                          Filesize

                                          1B

                                          MD5

                                          5058f1af8388633f609cadb75a75dc9d

                                          SHA1

                                          3a52ce780950d4d969792a2559cd519d7ee8c727

                                          SHA256

                                          cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                          SHA512

                                          0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          40KB

                                          MD5

                                          8ca2698cbb8916aa9531149fcfb67a68

                                          SHA1

                                          77037ef5c7bed5ed7200a37768030c40f96ea9e4

                                          SHA256

                                          fb94b00046cdce5dd25a5b1848df14a19ac5e746cf8cbe1280a7933d6ae321e0

                                          SHA512

                                          b5d879d5f717d177c84994a66c62d56def9ae91b399db9e8c5f2e995f892a03e5e74c70fb6e25ac58171be070b77d7cdf1c2a030edf80316fa82f6137eb16490

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir4160_2059697565\1365fe62-c872-4d18-825f-6b7c03c42a23.tmp
                                          Filesize

                                          152KB

                                          MD5

                                          dd9bf8448d3ddcfd067967f01e8bf6d7

                                          SHA1

                                          d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                          SHA256

                                          fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                          SHA512

                                          65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                          Download Submit

                                        • memory/4536-27-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-393-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-31-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-34-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-26-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-25-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-21-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-18-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-17-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-377-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-378-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-379-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-380-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-383-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-387-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-388-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-389-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-0-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-396-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-12-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-11-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-2-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-760-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-839-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-842-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-844-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-845-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-849-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-850-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-851-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-852-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-853-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-1-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download

                                        • memory/4536-855-0x0000000000400000-0x0000000000429000-memory.dmp

                                          Filesize

                                          164KB

                                          Download