hxxps://codex[.]lol/windows

Analysis

max time kernel
324s
max time network
323s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://codex.lol/windows

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
920	WaveInstaller.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WaveInstaller.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664850673822509"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1232	msedge.exe
1232	msedge.exe
4980	msedge.exe
4980	msedge.exe
4688	identity_helper.exe
4688	identity_helper.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5248	msedge.exe
5624	chrome.exe
5624	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe
Token: SeShutdownPrivilege	5624	chrome.exe
Token: SeCreatePagefilePrivilege	5624	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe
5624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 3548	4980	msedge.exe	84
PID 4980 wrote to memory of 3548	4980	msedge.exe	84
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1772	4980	msedge.exe	85
PID 4980 wrote to memory of 1232	4980	msedge.exe	86
PID 4980 wrote to memory of 1232	4980	msedge.exe	86
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87
PID 4980 wrote to memory of 4620	4980	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://codex.lol/windows
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0446f8,0x7ffb2e044708,0x7ffb2e044718
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13865974508374434505,9003745953766272016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x11c,0x120,0x124,0x118,0x128,0x7ffb2d8acc40,0x7ffb2d8acc4c,0x7ffb2d8acc58
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3348,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4640
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6cdea4698,0x7ff6cdea46a4,0x7ff6cdea46b0
    3⤵
    - Drops file in Program Files directory
    PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3516,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3136 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4916,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5276,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5112,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5480,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5592,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6116,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6112,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5776,i,4581700781219872482,9365102200463201145,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:3036
- C:\Users\Admin\Downloads\WaveInstaller.exe
  "C:\Users\Admin\Downloads\WaveInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:920

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
18809136c48498195dae0e0eb19c55cc

SHA1
f170ce2581fc85e59d2f6c50fc872396ed63c87c

SHA256
e9c768a1e2f8ec09d931b953ed15774b692f6f314a1b4b48c918e00b48c2c941

SHA512
88ed24e88520c7dcbdf784702f9a0073af4f02a87bcee7b8e3dca1b724996550056b1389b6874dc2fc24ac0bcae59f4d92cedb246db1cbe1f51e680ee947472c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
20KB

MD5
f50b0303a93c67e65305be05cbe1fa57

SHA1
4de34e70f9a065d38ce665fe473c9d2631446135

SHA256
b6e402069decead39d4fc8b1be4458df3dad2e85d34d0d0b421fc870099e2cda

SHA512
ff933165e202a26decb473ad2f437ec749336a8d5b14afbd9797fe63fbada989de3ff22251e7580f775d7011e428876b37be66a0cd68ba656d38f577ac9e7824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
45KB

MD5
74c3556b9dad12fb76f84af53ba69410

SHA1
342edef074482299f72f8f7a8862e6f908bd4137

SHA256
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1

SHA512
78ae2a421e6aa394f78200187a13f9b8bb313a85dac223d2863c46e4f53393033cbc400b40d2044390f3b79105da41d1a59f81d796561b8dc1c2a7b763bbb9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
28KB

MD5
99da83e40906a4e321de96b34e373a43

SHA1
28a719880c95ee04b4e08ad2d18ca6bc0aac7fde

SHA256
cdfb906c6d2eefc509a27405e64138eed37d3c020bf8374dd50f2cd1c6423095

SHA512
ca4700783587a7eb0070a0bc385399382c69793bb03656f6fa98a9dcd98869b48ac9fb4f253eac4bf5a9abdf2e46a51dde607abee1732a043908431376ec5f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
52KB

MD5
20cab8626717f8e4ec3423810d92da22

SHA1
4bb539912e8d36799eb47ad7989aecb66d11bb79

SHA256
05a5e172730ab9e1af2b96c0be0f5f31d784b2799d0e0f2e0743c777bfd09e30

SHA512
0794a859ca063422830a5a16f474bf0110f5a95bdb6e6bc7c57c1ba3ee8a53a5862ed555b79b94b82d4858447dfdaa2b4292486d72a916d64de832489d8b892e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
23KB

MD5
64e64ff8585a2fc668831fa62860260b

SHA1
061e535b7185704bf5731af0ea0d51ad68daa171

SHA256
04da82aea6fce95634cb6d9cd550a5b15d64ecc3e9aaf7497bde26f90949d22b

SHA512
884c2528ac46f74f037989775508d1719c5652e31a4c7a57b9278b58a36c2793a405bc5e7fc2d8a6c9b4e918eca19ddd44e434ed4f082101f635cf476f4ff12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
28KB

MD5
de2586d1f14c6b48320ff8b55c7a4463

SHA1
94f2b17d12557c8ef79dcb5c61b2bca9d1405edd

SHA256
7a0d20d15b296b89e2261898b92a24695dbfa45c27bb9869953a9a94dc01baa7

SHA512
e299f587576e534b0920ccb94f567600d6bfdba343b31f48a524f212b853e22fbd1f784c9da083d6222984a3ea8b217966c88f1dd43c543b564f5eeef5c71db3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
56KB

MD5
e45a8e76215ecbe872922c39448f589e

SHA1
672f85c7240b15f6a5ef69bb2281880398893450

SHA256
fd54fa8ec9cbdcc779b9bbf1755aed042d28a66513d0f94e345b2d2fa0a384a6

SHA512
0b921232730357b42f2e39e9e8557f2470f2e6f748a58d8e9d80a2dc90c80254fd251c857d951c3537c7325c88899b02ddd42a62ee68e9afe66990209b6d277d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
f7656fb9613de6ab857c90d0f2623a4f

SHA1
2b84ab3d56be8f6a7719de3d7cd4e0ccbbed93bb

SHA256
65b2dc5cbc9e87d1840457c2dca1fc55add21e4ec61b037288342f51142e9388

SHA512
0b673d717bee25fbdedd0b95a82e3b608d411038b3273d7c9cf96d7dddee2441d237ec7df8a53b4047fdd9e1e12075052b0cc26931c78df4ca95c11667e833d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4a7562f09bf45f6a4ad8ac8f4a22b916

SHA1
c28067c9fb2ad5d5ca43d30808951beb4315c215

SHA256
d0269f8c2284b377337564a8732c00db7869472044d1e2c876d708ee89a977a3

SHA512
c8c07608b9ba8cd27fb8f0d29a8b079fa21c67b78c683a64c1646d44896449f9224de9eed2704a5535561e2deb66b6cad950fed91232640e5ffd63a6c43cdb73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e59aa52b9d21c9b3eb741144b626545b

SHA1
2d794b20078ff84d40fb1603f41bd2e70d31ddad

SHA256
ea4aa59fd4f76cc734edb866278b1227d610b9f43fe96a2a4d2b5d770cc14b45

SHA512
cce8101170c571390e4fdae54b2edef7f8e653273a741a5b9a52bdb2cfb4933e1ea9e01170de062313e2016ec61056f846827c10bc3980ac4815ea04b89e9553

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fb3112ba263ac46c516326ad7da1a8e9

SHA1
076e1f26be6d869afb6126d2630b9388b9f923d3

SHA256
02bfe7b73cf3e14724916aa37a11bb28e60e692b173272cf07efab473c244e79

SHA512
4c068c0c8e4475fd0e96dbf59f9336fb261183e9667805c748ce6ebd8b5658a0c3907f6e1c055a70caae07b3337ed4df3ec71fb0ef057b35e717d1dd3e30a391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ebad2e02d20924d397f3b15e6006c598

SHA1
85cad363399721ead54c87e91fcc567eb54ac19c

SHA256
184fa459d38159f7c829bcaba2ffc111ffa2c5d140ce3a83a3bd6e860d08b114

SHA512
40a6435bf77e2682e31bdb191f45e7d2d8bdf4158689319184be366782104eae4a875cc0e148642c8d0c6022a13077858d4c947e19d525aad46a6ebf4b7ff7fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cfb916f1c4ea245d5e7ef634d8056d7e

SHA1
6ce01adb4d82c0287275f399d13131e0eaa4d86c

SHA256
bfee1d303afb3cf3811a7fe99018fb604ff1d5d5912669041d6ecf3e58251713

SHA512
b9a81c0dd3e2047d7ba2184ae4e7355a258d565f9130aac40d1b3d2c8e4b6c971bd43b90aafa55debe705cff824fa7f08aa95a93730e32e214476a95633f0463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
104b251f3bb0347bc64a6c97237381be

SHA1
840c9ab5008693cb9a1d3b3e8870197ca4bbfe9a

SHA256
3705f8553cfcdfbf44effdb1ffb1f5cc3025326e01109700863277ba0a8cfd96

SHA512
d151a7066fd13c0739c742d7253ed6014a4a93d7596d9f57e567168ca7e33d29361a5ff1d0b955b7f17d8e33de8327ccd5565995f7562759336cbfc10b148b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6a6c7a3613f2c826a79b48e7e8cfb2ba

SHA1
db6d8c2979ee54179002fb6712e8cba4f6523caa

SHA256
fad04da0f79c34c7dd9fa03795e287ca7f85933fe6691918d1252ce73cfb7ae4

SHA512
951e3cd46e7208639e34828943d2844e828ffc4b98b4e441f13edecbca27879d909d154b0721adb7fa385ae6e1272feb9695b8ce6cad11bccd7050981cf7f27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
1a946496378fa7b95a57e5676af7036a

SHA1
1350d7a45b1116639369882f2cbb9eac13e3d68c

SHA256
5c1cc1af152dfc604232142d3af0d52c91e04edbd8b79744f28016d36d5380fe

SHA512
06e8aef5d105951b3cfc65cd5293533eb45c6def791e121ae1ca0693ff5b9bf355f66ae130c3c72f9d217c0e409377390b53f034d54e7f9f4da36196672a7c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b926ce219bc5a8942a4133a8c51f4d63

SHA1
ac50e74d36ac317a4d3528381ed2e8d7b8e7c93b

SHA256
d3149bbeac28f255e72019bc6025e0dbedde26afd24cc55c3fa144f48baea3e1

SHA512
b407f5b4e5c8512c4d6d329e8415ea3294022ff85881910a8bb9d93d656be84ad4adc47cf871640d288b5af1bc1e758c997c7ba19dc4cde445b822371536f775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff24515aab50ef25c28e47b3f58c2a2c

SHA1
e141a3f4e25a03a462459211aa5dbb5339cea8d4

SHA256
d3970938f6807d2f895cffea73f9414726cc33ea8092563f4beda20047e6f46c

SHA512
92524a117a028637cf8cdffb9570f7ab0f1f8f0c56f06cc480a15f0ba5d219f02ac01a616906befb939a52dadf6c59c68bb600b607b7cbc61559db1c199ad568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
358cede421eed453cac9c34e3e1421db

SHA1
9aee7f40e66982cbf74c676edf6c2772fc80144c

SHA256
4e5d172e1dfafd2729fca1851fc2dce592321d54210a7481adb88170359aade5

SHA512
3ecdcd217758d0f9cb9500f142ad3f83ea9c8bdc9803effb59399f0448e07a1dc98bc91b3d4627783d4ca6ed8fc3eb6bcb3696af1eada92da26c7a1941af0ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1ccea7a22648b909611fb3c63f11832

SHA1
cc7d75e33c3d402e8d580ccd7d74d9a8b06f83f8

SHA256
ac225bde359cfadde44dcb078e3f575d7f859df43a56ed553204cab73b9ced2b

SHA512
424df0a8fa98b3dd033b781158aff19be515387440347e1b39ea570bf4b4c2d386d93645b10b69c762e46e94a1ef9c14ad73dc0ccb2a41a4290ae6d879c74512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7eec258612df0607cf4db9067efd8d46

SHA1
5756ffcc790e4ffd1a9a945dfc6fe7bb35b6c78f

SHA256
a6a707182e3c030b0897f1f9160e08e82a0eb4896f2f458f5bd78803c354f705

SHA512
c82ba42de367f322563f75e629ba21cc702ed09bc19fb8322f21e1b94d4f7f7ba8d912ce19eebe99ee557781f4bb9ef49ad9e3f16960129b7f42922859c585b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a06ede62f028155ce8fa005fd8046738

SHA1
8ad81ca0c8fd14e142292f25c55cc5b9090aadc9

SHA256
1ac6f90acbb02f86f1f6888505077f172b2dfaf65f3412dada14104091ac328b

SHA512
9a62ce4bc349fe613b4ac7d83ec8937e13e518c7f9a45563b5ed2c18bc1ecb42b89d15a7193cb1c62599b7d021bb8311d2cf63658155986f6470bb9030e2486f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c2e6d755ae3c3bbd0bd15478316bb67

SHA1
85031cb3bad4183addc863fd0f76378e49295a40

SHA256
923b734170fc13a4c5b85ba5b60dd6a8bcdf0e72dfee9a176a8deca4796f2fd7

SHA512
9e6332baa6bd6576af954c04ec772f84bd940812bb02a2f3e1e84468e0268ecbf942eba4832d290f4d6ff88e82202ee8119ee735c0ad1c86e86a50a9eda44f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45052b497ed51e4f77401e142dce40c8

SHA1
d07cb63f200ad66f7e15afc29466c0481b4dba5c

SHA256
5a4d647f4b07f6eabb6d0fc642f84cf9838c183337e710bae2be277c4ed37175

SHA512
ca3fea043dec1080e790e16abc41ca4b22770b19f4120d4df7b4bf48dd4ab4994149422309d039bde91d951eb3fcbd875263b897fbaee77579da412f4b2ffe79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
406691831d3c0c5703b66afb817c80b6

SHA1
78e6a0b1e4e6cfead1092a67cc7655ae6d79938e

SHA256
9e86c9745c344b611969ec54cb07ccb6eea6290911db40895ee090bfe365e981

SHA512
e1377360cf5ae78d8a246247e167de62f0bc2322b4b04fe2b866f244ec94dc7631cbbafd7ef1947350e8ff2103d9846a6c934361c53881458db9cf76db728b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b2f8f20b589d7727e61b4f34ebb8faa

SHA1
e627834427b85405447ce5b6a1517ba754e7dfd2

SHA256
8208a3a967cb8ea4b41921ab9e0ca4cd8a8d2d7d8420dba77a5cd2172840a33c

SHA512
7bb51e51eec9b743c16d00f43f7928c9fd1718b48377d1e860a74dee289b51c26e02da427eb7ffc2feadcc851c2d14e3dd9b871513e790935a6d996e851edc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4f5fd522ebc0f8eae88ded8f65ca22d

SHA1
834f2a26e1da517126760bf66acde78e354397f2

SHA256
d3d2c64c0fcc74f5d15df0747c6b47a65a61389350ebffe575c1bb210407263d

SHA512
6041798e01b4464be2427e8f38a9ca5f8deb98fca60d659a3a1283d8c475c380ab1f6043f8cd39be4d5aa78d59adbdb3a157753b44c9251dca7eeaa18aa6d7fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652b8625668da5bf47e10ca832d79523

SHA1
0213d3337165076a2bd021a05db06b2409e94c2d

SHA256
d9382123faeb9f4037cfa6e5172109dc01ecdd05e9177e1cd59e9af8289b9f57

SHA512
4c0cd6da97f2afd9021107f77ebef8d2a7804837109f7f7b69b94157e392655c0b3103a83d1d7a4a3d60ee28948ddf98fe5c139fe29c07852f91a08571318049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7803e01611ce1a54d61e67572134919c

SHA1
1ec6ec4a752ea97716997e5b209502ce8bfb528c

SHA256
96b9d4df086953a53d6368aa031ee97ec7687c68b722c352d43666d80037a69a

SHA512
9c29bec101d315cb30b9f58f257b89c2cece03d30a2f0479e61490382018a88dacd34a6d23f5c82925f9f3ef8eea1de9a531dc61ff8d4e6d5c7257663fb05bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5c04ba.TMP

Filesize
140B

MD5
59e84860c7958253651217cce39b7947

SHA1
c64a68cfb0f264fe78919f35330da39e2af4d8b3

SHA256
26de3491a7cb5288de0bf6d7d30ecec4afd128a8e0dd6ce136d217ba1f40a76b

SHA512
d7ef125e13cf4abedc761379fb52aa862acabfd582a42da884861c35f34faeac83bdf504aba61a1317d23c960dda5cc184ddd68979e3aa453bea502e5409aa15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
dfcb97c738875a192f76de336fc41f04

SHA1
e1b202ddd3154265365751b19de5c76010f8b551

SHA256
6bc30462832968720960c2d04f91d04df23ef7cf1824d81deaeb60b8d4b88697

SHA512
4a318944340d8b31e89c81d30182a9792b24e8fabf463490e0e2e443f2d81845eeaffd8d33e62dfc0a0a7c949de2a286c56a9b177b42f6d65dd2809986334c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
189KB

MD5
4365d5b46e4c1598ee664686a28cb8bb

SHA1
7258860920a4054a0c08ca12eb3ba50d530d6c32

SHA256
38cb51b45cf049649103600f576027cba0628df24f925505d30508aa5bf7aabb

SHA512
8aa078126c64f069df65ad1c736e018cbd59cae121717cd136e894434ba6134563d09a6a35278d4b1da7e6ca67433a49e304efb2c22ca131f730bddc2677104e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e0475dcc-3f9b-4eba-8c87-51c849540c3e.tmp

Filesize
189KB

MD5
13b8f725c78bb7df02800035a467c532

SHA1
1b88bd89ec41ff10018e9f1ebb2930f2b78fd851

SHA256
c843490305043331fedd79b845a5b3d80124e367e5f707047a56ac97318c9b9b

SHA512
9a8b37e6cf709fb373d5cf9b8a12d165acd059afeb70ab84a461747c1fe8d9056df4bb45157f45d552b2a523e4002becff817af28520ab610610cc639f86af1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98152783-3534-4929-a606-93e9148265fd.tmp

Filesize
1KB

MD5
4d039d8eb5e8bc199c9e3b20878073b5

SHA1
b97abe5ea883fb601499c3795d0e950e0a438267

SHA256
4b05a550c4be3cbbf1fc982c114d83acca8c9c8cf4984bf2c7272bda4d4ec0d2

SHA512
82c91b9181c787777c9b5f67599ef1844891ae29f49cdebf204ce0f725eb4589afc383319c1a2404d16cfaa3cd4e81407b84da958c260105068e42a1abefd4ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
5368546725a64ad40f0ec78e8facd3e8

SHA1
f29e02f51a28793fa74128e50477f24a71eca775

SHA256
df75b33390c5011b798b93f215efdc9d9742a3781f48dc8d0d011931f65352c1

SHA512
ce0428f986bac9f527fbf479b879b94f75d908f86e1284b661c25032dd3e5aa9876ac2fcd9d8787508c43f4ef5d3d2b3e7d1fe6a3ed96c72a0b875e635446280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
8bdff54061b6fe73dfad48f5e1fcbd3a

SHA1
f398188dac3031b1d8cc7bb7e9fed22ad0ac2af6

SHA256
7d618e94463056a874009f200a5e44ed66156c0f7df2c733074610e54bc38b42

SHA512
f687b73928c9eb19788f09e5bab950f1861b7bc58efc9662b0aab89d81c8cccd77c725d66cc6c52c5161d47d388d78056d077a0efaa804ada6b8391eebc1d8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
39KB

MD5
477196f930f7b50009350c419c82e6c0

SHA1
4a9bf3521d493afb0e66c794711287ef17965d08

SHA256
0fe1189c430dbd75f4395ffda846e0a4f2bf375392140185f076dee54a6dcc17

SHA512
358a30f087b270c4e8334a5bee545338eee35a935b7d3c27c656206e30e51393045dee43ec5fb36ef6b4da8f67e40b015ce43726305693480f3f42d0845305b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
52KB

MD5
330326f45e54bf8be962ce84dd13d60f

SHA1
fe8936d88b598800495fa62d4926c0ae1b59328c

SHA256
feeb45b795e7fdd76ab79b9ee547575ad14ab1b166682275346a5dcae533f3c2

SHA512
bf064dadfc49cfab5ffe6c98d63f093f75d4f7b418db8c95774f9c3ab988b401fd7e14f39ce3274cfbfa2bfd7efe807fd071625fa20003d7734992eec6402ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
101KB

MD5
65f882c004525dc0c3518227c98ab1a7

SHA1
e309dbfca67b0ccc90f3ffe99789ee51b47b7e27

SHA256
9f3c6b6a4882e357d6e499b2d97a201d1f1c8fbfe2763b9edf79dd334f8b9676

SHA512
befcf2553ec4f445c71175c0f9173819034bee471648f0198e933799a2016af2a22256bc90735ad6a4dc8ffcd344e5324cf13c1ae305c5028996ed7ceaab11a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
162KB

MD5
18d9d3d811538aa3ff9d28b0ac9f959b

SHA1
fc7990aa7305f0e0a478f5c16c6286d08faf8150

SHA256
751d83525ad1f8c8c74099326659dbe9b79b8f4b6a150689c3ca3f34e087779c

SHA512
e450bdcaad5ee262a1b23325b4579c9efdf732408fd3133ef3cea008bd66964799534365ed384f891db561f2bdc1ef5b9dd6d09b8892b3e39aaf8b2c11466d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
8951283ba1faa0d2c460f42df9366ca1

SHA1
c1485303cba4a15a6be50f08a574f16345b057cf

SHA256
ec77738d9e8ae43b942aad4d6f555ddac5cc5476bb982d7efdcabccf20ca7c6e

SHA512
28b1eff095f86c8e6e3c09b563babd33b32d9dab84d45615e4d04d677c292702703b2d0e0e43a236aa414d4d92ffc9d5ceb86b41497b522d38571d1de4b23014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
96KB

MD5
f1456617564c55f8bb0f4e3d8854aca0

SHA1
02ae0418e42c1a30abe54385d29b271ddf4ea0e1

SHA256
eff1530112ef01a3217074dd995b63f81ecacc462fcb9a9f7f8b334f27983a1d

SHA512
484370d62e91b48cb0cfcd94760e8082e7c1f9532b87da7960f3e06a4b50e6b800009c27a79cccc9ad1eaa756afbe40fcb2b374217ff5009e3f1643eab89d1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
52KB

MD5
39a79b2131e90e8f906bc0f9dcef8bae

SHA1
2e67ade10fcd10dcedb2c00126c688663a43d726

SHA256
f6725127fb1709dca10a80fc38cf4e8c22cc5f106ccd54249ccf67a149201214

SHA512
96416299e471c54eaaf401ecc37d24ae159a08a74edbeb1ba6eff6e21e1a2d021195c98f24c8768f6371bb81fb2bb2ab11f41c95ff06cd920b2d182a24ed9ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
46KB

MD5
218f4f81bdee5932a127929c6d693f0c

SHA1
21a507dfc03b8a1107eba38d223f1f8c2217a48e

SHA256
3c56fcff3a74054781e42a712f7dc2b874eec7a646c7282464c5d4cad1a36186

SHA512
11e5be1ee10d1f54201f860bfb1456f0e0b1ada769477cea39eed5f29750c9d83bc3da5820505c28f76892ca20894d6d1a623db0ab826a1a9a623bc1b539969b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
142KB

MD5
452ea233e004fe6b581c2af565829263

SHA1
13eb324d412f8c4fb1e13c2c367cac334126c8f0

SHA256
086f9ae4bbb9af5aa2c7931762f41801be0bf8cc03cf4d48fbb76d04058e6c48

SHA512
2936f7346e06d87731d68f22804238e371f0bec47bcf41b81ed5e52f312dd92915391e19ae870d781dfb7a8d594e6ddd5ebf2079135aef91a735ba116b0f6df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
c08faec5b512650265d7dea7d3074aa8

SHA1
a12a3af4528cba09daf2c757ed054d8000b25021

SHA256
aa10f2f083c90dbf0e2d61e283f98eab27bb35e87c08f09bc2e7c7879975b2e6

SHA512
65b2cb7223296615c7e3c52e458f9857e525e6bee574c656045b8fd70cc4fd9d3ecd5118f42f0617039cb465a6f174fbde82b25b02ee2c140e939ad52d258a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
4047eeec4a006946ac70fa2b708e5986

SHA1
9d7543578f24d62e192501cbc2a859fd48399a78

SHA256
a7d7cc505a1f65e2cb600c114c15157620ec538d4137281bb6b52025e0b93377

SHA512
f2b5e15aee50de6d12c411f75ae57c81a361dbd9379c35b4ae6dad4f846cad4dc9fbfa27c42327b4a00d856a8ea3f3181b4c7253c3421e46904635682ef4f0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3ea2062f112cbd92e78f30c5c6e0259e

SHA1
e62e98e7f32cb5e56f4f3764a5822576198341a1

SHA256
c461e7a7165545601aaec770c096880aed8cd597a7c33d705712487dda6fdc55

SHA512
f7a0f442e0df3f01d1add1937063f680f77b1429bc512b856c58a94c090b663ea2a3ce67057bf998cc4c37384ef48c6e2ff336f00a48c988b84ad23e61e25bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37fb135304cd9e8d11391030cad0a2db

SHA1
037757f59c3e928c2476e23fd492fc5c81018991

SHA256
a7496e1ea46fcd18a8b946503f3b6b7bc99609d2bd41f1bcded67744068a35f8

SHA512
6361b7cd9dcaff6d4348404aa70e04bfaa2c87e5736d53efbfb5b870c1ef9d1a7f34b84d00904bac8bb19fb28161fa9678a1b06b68eb181c91857fd7d56918c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e8641781f03dc5f36e83e7a3212e3cc

SHA1
9c25b7333b0bd815b916e6e3a853c9d019f2ccfa

SHA256
b22206cd02a5d0e2a97f7ceadd7ae145a2d35cc3886859fb910cacd146b57ca6

SHA512
b11fb49eed0d22e396f1752b7e662f4df40e742618fbd59b94692a28fa459ec932851fb1e8cfef55d58c6959835563ad786d1d8b42535541014218abf69a3835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f886f69def36b52f0cc31d46fbfa65e

SHA1
f42110c623c698cee4103f635ace9a065c5f86a1

SHA256
2d1b9ad88405badb5df0b745cac6c2d21d81671fefc88ad66b5e7f342567a469

SHA512
6c2149b82cf874bab58348a99cc77fe8736c3948487f9ac2f79140d9c2245661ecb169830f094488cb5b2b0698ed08edaaea3148fb4923211fe38a403fb731fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46bdd0a885219383920e661cc6c335cc

SHA1
0f0409a14cf04354fbb369681a3366fa8efd70ea

SHA256
70bf5eae1a48ea4d62c5b8af800da3a180cb00e1427de2be9dc742a1abfb2bbd

SHA512
f1f401ef9d740705240f79b78ccd1d805874d19ec3ffae6ab013c9f50970e4ea2514b2a76cf49bebe75c1d855631feee1b9ebb46b58908f9973dad4e76bd9b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b34838939bc77bdc706e2d124b949e27

SHA1
4067c95862fd302151989755637be4e92f60bc18

SHA256
a9d3f449f83f0c2b029624732d647fa02a4a68046c859ad4a5b31259056683d5

SHA512
02cd1572ae716285bcc452eae2c1ed08f954b4300612518a3602f78ca92defe889ece4d1fd7d58ca7677bfe4a30641cfb0b67a02055963287256d57792f16f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3829d95552fb1f42b963183304b9b217

SHA1
4f0be2c6259a9871308401e103a6199bcee9e713

SHA256
84d3d5cfd3dd8b93a62c8dc1b8d87b2beae77f6495d7bd078f1721031d7757be

SHA512
8fb59b09a900911ea8ebd31815be6e3401348f8de6296db31d2ee42b5f8eef36f1cdbc9146b3ecb0f6e61d76f757a24904b21f6ca8735112e5e2e34443375533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4d6fe04b3e7f351b5db1c1096bf0aec2

SHA1
d75497a7c4f568264833c8641d9f131a67be189b

SHA256
779e38d6270bef533253bf79f591ad9df709f5d820b313a0edd8c9b025857a59

SHA512
f70371e674f73e7127a3d69cafbf89691770e58e4d5f89ea70786d2b089f2e249678ddc5e1bcd63c69e70e0acd23f66f7d389cc3c93a135e56f4eeea4b8ac8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca6d9c082e9efda9b280074f1c3be464

SHA1
ea954d5fbb334e44f16fe3520598fe993b72f2c4

SHA256
ac8f85608401c7079252cdd45804549896bc2931f41228f890670e076b6a8064

SHA512
0d37807d5b3d4b7a34582e16c83651bb3686ed84a59e40734ed19d8e4f1661336e47a239f3354569867f033bb218cb816ba7c56bae7391f8065b5085fae1c312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5435fbf193cf225702d0be77a33caaea

SHA1
1f827566cf4da6b75e7b9e4207381de59686c54e

SHA256
f6a6a449ab9e7f874a46e6d7c9a1ef07a0ef2845a4144266589afec77de691f4

SHA512
888b3561d12b56aab448caff253e3490806bfd7742280d725de70d8a373f5bef25e61b0784a3a38b2ec2b1e5d0f2660c61cd0f8581fb74f1c33e2aa4a96e8ac1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 84187.crdownload

Filesize
2.3MB

MD5
8ad8b6593c91d7960dad476d6d4af34f

SHA1
0a95f110c8264cde7768a3fd76db5687fda830ea

SHA256
43e6ae7e38488e95741b1cad60843e7ce49419889285433eb4e697c175a153ab

SHA512
09b522da0958f8b173e97b31b6c7141cb67de5d30db9ff71bc6e61ca9a97c09bff6b17d6eaa03c840500996aad25b3419391af64de1c59e98ff6a8eac636b686

Download Submit
memory/920-1153-0x0000000000F60000-0x00000000011AA000-memory.dmp

Filesize
2.3MB

Download
memory/920-1154-0x0000000005CB0000-0x0000000005D62000-memory.dmp

Filesize
712KB

Download
memory/920-1155-0x0000000005D60000-0x0000000005DE2000-memory.dmp

Filesize
520KB

Download
memory/920-1156-0x0000000005BF0000-0x0000000005BF8000-memory.dmp

Filesize
32KB

Download
memory/920-1157-0x0000000005C00000-0x0000000005C08000-memory.dmp

Filesize
32KB

Download
memory/920-1158-0x000000000A8D0000-0x000000000A908000-memory.dmp

Filesize
224KB

Download
memory/920-1159-0x000000000A890000-0x000000000A89E000-memory.dmp

Filesize
56KB

Download