hxxps://www[.]vbforums[.]com/showthread[.]php?900231-vb6-edge-webview-demo-by-IUnknown%26%2365292%3Bwithout-rc6-dll

Resubmissions

04/09/2023, 15:19

230904-sqhkpshd46 1

04/09/2023, 15:17

230904-spccashd44 5

Analysis

max time kernel
146s
max time network
151s
platform
windows10-1703_x64
resource
win10-20230831-en
resource tags

arch:x64arch:x86image:win10-20230831-enlocale:en-usos:windows10-1703-x64system
submitted
04/09/2023, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.vbforums.com/showthread.php?900231-vb6-edge-webview-demo-by-IUnknown%26%2365292%3Bwithout-rc6-dll

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133383143998610774"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3618012334-189558363-1282585034-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4100	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe
Token: SeShutdownPrivilege	3608	chrome.exe
Token: SeCreatePagefilePrivilege	3608	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
4100	EXCEL.EXE
4100	EXCEL.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE
4100	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 4532	3608	chrome.exe	63
PID 3608 wrote to memory of 4532	3608	chrome.exe	63
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 420	3608	chrome.exe	74
PID 3608 wrote to memory of 1044	3608	chrome.exe	72
PID 3608 wrote to memory of 1044	3608	chrome.exe	72
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73
PID 3608 wrote to memory of 5048	3608	chrome.exe	73

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.vbforums.com/showthread.php?900231-vb6-edge-webview-demo-by-IUnknown%26%2365292%3Bwithout-rc6-dll
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc53a19758,0x7ffc53a19768,0x7ffc53a19778
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1504 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:2
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4852 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4840 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1820,i,13949312796790803316,2828396268664876290,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2120

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\vb6_webview2_Demo6\#WebviewFunctionLiest.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
54f351697776bf0a387271b9009184c5

SHA1
15e0da5b40650e0e57c615bcd9e96eb82c8727b5

SHA256
fbe08fb0af96b5fd31f2ce5ef9ee4386bce26539f114cd4e98fc7f6c14b27531

SHA512
55405e56fcaadc45d832da0d5c5c3edc965608fde7ee9c000f43089fff8f3cd42756814700f3fb377da56682a226aca870cb855b67e979822b40279383c0eef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\66d358f5-476f-4e3a-aa50-9c10e4aa2cf2.tmp

Filesize
874B

MD5
1a4d897427ed634b72acc13b08a6d375

SHA1
119f3f0bfc0e14703e030f1a981b58b22ac8fe10

SHA256
a8ed29f5509a67d994760aac7ed4d1e9200d9e7c84f4a11d8edbe63b6193f7f0

SHA512
fdbe428bc8395050dd7c52d26f960c66dc8d1aa52f6dbc6ec9f567c13af7d5938f8904c3920da67cc055b160a3265b00eab5d90a127685a6cb3a32a079d3070b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ef5fda69e52f9eb96b66046a975ec585

SHA1
b95fe9f353bc9ee70ed7f090ea3b45ece6a01616

SHA256
b190f67081d3fc38ac1a66e09c8091d53867ce937d830f9026cca534fa4601ec

SHA512
f1ddee2abb4a7e014cef50990dd1e7dec90df9a66ef268cdcd679c0685b7c5e58cdbc101efa328f2f35e3a44084d23a24a29cfa1c5a0e1cd73c9163da1c0c2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
fa82d07f43ff98daf1ac3bf6161da7b9

SHA1
2bde12543a1165ca6909aaa46800044889e33f2b

SHA256
1400465e3102f9772f632b82953a321b37b06e8e1147afcf01a74a85a2873e71

SHA512
1c75d88e58b00bda3702b2f0f6eb0871f8ca202891b53db1826d8c0ac62db855110f5d8313a79c04c247fa668559d344466ff9239525f411f5cfe155818b7bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6d66a30d2811cbff4c39268b8587bc96

SHA1
9b3c02ba478bd9994bc19225abd0e798d0516169

SHA256
4368582b64adf172ac7f3ab6f40f23edf0173b7977a330acd0c34da6aa3c76f7

SHA512
db48d8c86e7d9364d1c709b21d6f30fe50e4c2d9699dae4b55c01c053198e2c109f9e33855dca7c57d988e8df8e7dab399b6bf33148b667aa17bdeedfd4db236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
442393eb7b7ee01aaacee320a009e0ab

SHA1
c76e5d50d0caa7b49a7f122c8b84a626cb5d5e87

SHA256
7cc8d65ad6ced8a349af25f064dd3f6bb8ade335b95a9b0ed4da8964f92a0eb7

SHA512
b5a3d04bb2a17e18f5919bccd76456c7333224d52717738f9fed80d3ca44cf9ce28338ed0c843d5ce57d943bcc695f8edc8401b0b47b505163c83d9d99ebe700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a499f45c7d5cdc44e836d169803301d9

SHA1
6735ed5c2ad5860c1bf6159130280c07b979c5e3

SHA256
9d10956f22b54979371f928ad40cb3e020ff75140caf323d0b326f88f9cf7ca5

SHA512
97fa56746c6b6d4200e5c60fd7a5d4469df2f242a6e9a8d815fd81c495cdada8ef2d4216a1d0806cfd15a662bf20026ed7164305ea27d0ab24bba02bb457e97a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
97KB

MD5
be7d1eedb449897c98c77d2ee13fc543

SHA1
78ad755873fe022a745fa2dbeaead67ed3393eb5

SHA256
11fb530e67f021131d310dcf21001f665847d567df6c163db1c249b94705719b

SHA512
8197618303c4d87e7c1da9b0a47d961a356f3e9c57abd2df2fd57f268ec645de004c74da75eaa4412642725f16a43dae9713134f34134aa234bb4315f91fa83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
7e2478f3a12155d16cf1011936a4477f

SHA1
cb69adfcbf92f3bcd6c2657f5e13b5333a86fc9f

SHA256
ebf6bd76bf20cf9918c4ae8f66368025d239f8437b0593fa6b2ae7798b6ba30d

SHA512
ba97953a4a1fd5cef9aaff5a953e0618fa90b605db7f569cb80879dd19df130839a82a72686a2477d149ee713a57c05afd1a1bf8a52dae517bbe6c8f3ebba207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
656df07e5db7e0ee23d399ed17d5d5a4

SHA1
4ae0fd8aac6b0b9b4d5d0eeb149af78ca1ae504e

SHA256
3f3808230ded59ab00f70836c0ea47612418904d11fd7820830b93d4f01aadb4

SHA512
0956e12eb6fe4b57bd074c51322ad4c27a01b699f4e4ab7727a984ccce2ff1fd9f2b2b42193f650969ba7826a87ff8a763f5b3032ba3452e0f9d2a62ac9efe1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588cba.TMP

Filesize
99KB

MD5
fdbae25b1fa70fca993e9254050df03b

SHA1
4715d4255d97f638688e6efb38d58c19cec8c63c

SHA256
63205ba78a69c705e84a6287f3c85cad9c5cdb2d7fd4c9341d65349644b12f5a

SHA512
b4816620165ba6094a4407a6626bcb2ed4d39dcec30c0d6ce289abd730b20c420ed9a9b54be8caa45cffaae7c6d049f4fce45bd2900e7edad4e3e0bb31286dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
827B

MD5
cbcf987e20cbae0b195f95e3eb3238f2

SHA1
0550efb69798faad89a67fd03ac1030f994cc916

SHA256
67893218888e24ecc63e57fa4c29d10365d3cb1757374b66a8d35586c95974ab

SHA512
9edc2e37423a9ce747bb08f2c1b6d29c04ed580b0f13b5974df577830ca92655132ba8b69ee01e481920924df548850997cd1cd805d7e5a8fac436e21746aa03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms~RFe594637.TMP

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\Downloads\vb6_webview2_Demo6.zip

Filesize
25KB

MD5
20902090d1356f7bfe5891c281f9ba34

SHA1
397c61afa9e11af8a6d6087c8efa00d45fc15a59

SHA256
b6a346f9ca7837d9d69c048a3c8420cc0f32552efa6733aafcd7db9d8044bbea

SHA512
c1df0fff8da119ad29f93a586bff85d92de1125a945d2531b50233b081c69e8d16a09c4cfaa3f49a2be04a2d7fea38834e84b2769d52b0cd72941b040d02542f

Download Submit
memory/4100-189-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-188-0x00007FFC1C7A0000-0x00007FFC1C7B0000-memory.dmp

Filesize
64KB

Download
memory/4100-190-0x00007FFC1C7A0000-0x00007FFC1C7B0000-memory.dmp

Filesize
64KB

Download
memory/4100-192-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-191-0x00007FFC1C7A0000-0x00007FFC1C7B0000-memory.dmp

Filesize
64KB

Download
memory/4100-194-0x00007FFC59CD0000-0x00007FFC59D7E000-memory.dmp

Filesize
696KB

Download
memory/4100-196-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-197-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-200-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-203-0x00007FFC59CD0000-0x00007FFC59D7E000-memory.dmp

Filesize
696KB

Download
memory/4100-206-0x00007FFC19550000-0x00007FFC19560000-memory.dmp

Filesize
64KB

Download
memory/4100-207-0x00007FFC19550000-0x00007FFC19560000-memory.dmp

Filesize
64KB

Download
memory/4100-361-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-362-0x00007FFC59CD0000-0x00007FFC59D7E000-memory.dmp

Filesize
696KB

Download
memory/4100-187-0x00007FFC5C710000-0x00007FFC5C8EB000-memory.dmp

Filesize
1.9MB

Download
memory/4100-186-0x00007FFC1C7A0000-0x00007FFC1C7B0000-memory.dmp

Filesize
64KB

Download