lokibot | hxxps://getwave[.]gg/

Analysis

max time kernel
433s
max time network
434s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg/

Score

10^/10

lokibot agilenet aspackv2 collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

http://blesblochem.com/two/gates1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000c000000023eda-1596.dat	aspack_v212_v242

Executes dropped EXE 9 IoCs

pid	Process
5020	Lokibot.exe
3904	Lokibot.exe
4176	Lokibot.exe
3904	Lokibot.exe
1028	AgentTesla.exe
2776	UWPHook.exe
3248	DesktopBoom.exe
1484	Popup.exe
2920	CookieClickerHack.exe

Loads dropped DLL 8 IoCs

pid	Process
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe
2776	UWPHook.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/5020-1290-0x0000000003200000-0x0000000003214000-memory.dmp	agile_net

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Lokibot.exe
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	Lokibot.exe
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	Lokibot.exe

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\KasperskyLab	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
131	camo.githubusercontent.com
132	camo.githubusercontent.com
133	camo.githubusercontent.com
134	camo.githubusercontent.com
135	camo.githubusercontent.com
155	raw.githubusercontent.com
156	raw.githubusercontent.com
130	camo.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5020 set thread context of 3904	5020	Lokibot.exe	174

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentTesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UWPHook.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Popup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lokibot.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AgentTesla.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy	Popup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{AA6D9C2A-040C-4F90-B41F-9CC8800B0A19}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Popup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AgentTesla.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Pictures"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Popup.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 332127.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 976893.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 420948.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 157429.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 590164.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
3204	msedge.exe
3204	msedge.exe
5008	msedge.exe
5008	msedge.exe
4880	identity_helper.exe
4880	identity_helper.exe
4772	msedge.exe
4772	msedge.exe
2092	msedge.exe
2092	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
2344	identity_helper.exe
2344	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
4480	msedge.exe
4480	msedge.exe
5020	Lokibot.exe
5020	Lokibot.exe
3904	Lokibot.exe
3904	Lokibot.exe
4176	Lokibot.exe
4176	Lokibot.exe
5020	Lokibot.exe
5020	Lokibot.exe
2348	msedge.exe
2348	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
3736	msedge.exe
3736	msedge.exe
392	msedge.exe
392	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1028	AgentTesla.exe
3248	DesktopBoom.exe
1484	Popup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe
Token: SeShutdownPrivilege	4728	WaveWindows.exe
Token: SeCreatePagefilePrivilege	4728	WaveWindows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
4728	WaveWindows.exe
4728	WaveWindows.exe
4728	WaveWindows.exe
4728	WaveWindows.exe
4728	WaveWindows.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
5008	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1484	Popup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 2984	5008	msedge.exe	83
PID 5008 wrote to memory of 2984	5008	msedge.exe	83
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 2092	5008	msedge.exe	84
PID 5008 wrote to memory of 3204	5008	msedge.exe	85
PID 5008 wrote to memory of 3204	5008	msedge.exe	85
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86
PID 5008 wrote to memory of 1476	5008	msedge.exe	86

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	Lokibot.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	Lokibot.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getwave.gg/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8964d46f8,0x7ff8964d4708,0x7ff8964d4718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,4644717319903966078,10144962748724928736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4304

C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe
"C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4728
- C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe
  "C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\wave-electron" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,3194985045994390216,10031631221929824753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:5056
- C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe
  "C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\wave-electron" --standard-schemes=app --secure-schemes=app --field-trial-handle=2268,i,3194985045994390216,10031631221929824753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:3348
- C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe
  "C:\Users\Admin\Downloads\WaveWindows\WaveWindows.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\wave-electron" --standard-schemes=app --secure-schemes=app --app-path="C:\Users\Admin\Downloads\WaveWindows\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2512,i,3194985045994390216,10031631221929824753,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:2328
- C:\Users\Admin\Downloads\WaveWindows\resources\node_modules\language-server\wave-luau.exe
  C:\Users\Admin\Downloads\WaveWindows\resources\node_modules\language-server\wave-luau.exe lsp --definitions=C:\Users\Admin\Downloads\WaveWindows\resources\node_modules\language-server\globalTypes.d.luau --definitions=C:\Users\Admin\Downloads\WaveWindows\resources\node_modules\language-server\wave.d.luau --docs=C:\Users\Admin\Downloads\WaveWindows\resources\node_modules\language-server\en-us.json
  2⤵
  PID:1476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session"
  2⤵
  PID:4328
- - C:\Windows\system32\reg.exe
    C:\Windows\system32\reg.exe QUERY "HKCU\Software\KasperskyLab" /v Session
    3⤵
    - Checks for any installed AV software in registry
    PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8964d46f8,0x7ff8964d4708,0x7ff8964d4718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4088 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Users\Admin\Downloads\Lokibot.exe
  "C:\Users\Admin\Downloads\Lokibot.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- - C:\Users\Admin\Downloads\Lokibot.exe
    "C:\Users\Admin\Downloads\Lokibot.exe"
    3⤵
    - Executes dropped EXE
    - Accesses Microsoft Outlook profiles
    - System Location Discovery: System Language Discovery
    - outlook_office_path
    - outlook_win_path
    PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1776 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Users\Admin\Downloads\AgentTesla.exe
  "C:\Users\Admin\Downloads\AgentTesla.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Users\Admin\Downloads\DesktopBoom.exe
  "C:\Users\Admin\Downloads\DesktopBoom.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1372 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Users\Admin\Downloads\Popup.exe
  "C:\Users\Admin\Downloads\Popup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2212,12970847267717082318,1608602261947059113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3904

C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4176

C:\Users\Admin\Documents\UWPHook\UWPHook.exe
"C:\Users\Admin\Documents\UWPHook\UWPHook.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb4c3ab1a780b0c9c93cb17d52bcaec0

SHA1
31d91424fe8fef9e94faf0bce32d64522c9262e6

SHA256
162fdbeb20ef45065cc6aadc5e012d147ea8bb4b1e8db96312b6760e724b5950

SHA512
856ec0595c979d5bd097a0502fab781cfc9dbeca54d229e5ea47d2feb0b6a6a0ade8e8be1788ed5d47223a310bea54884283cfb180f99a487c91cb7d98ad01ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
242628022188130b8c931a47af1ee83e

SHA1
de292392899dbeb20f552b1fd8491c7f23b3331d

SHA256
efcccc684a2ed86fc6622650aa5b5790ebcaf9f8c5f895c45b74d053173af776

SHA512
f0afb8e1be750192d619b847e9ed4c2d906207a7db0ed9a4804a1af1a1c03e3c5869580766371a56b017ed4e081f66fbf4461f84f4044a7f336d6d94fd87e5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6e7f283aebef4709dc8651f609eb0b5a

SHA1
1fc95797b43cab268005638cd614a87680089865

SHA256
a15ed475b7614cfbdc33659430ab1c5f6a6a3ea6849f8b0b8772f93ec713b7c1

SHA512
9fc27d4cc2e61e869695e16335694e7189736dfa0dcc4f1e69e2f255c1d9bb60fcedafababd5d37afaaa1a112991a4dcf5b075f705d2b3b60a94999a921d0e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
34ba4e4d46d378df70d8d3558c69f002

SHA1
8ce15efd11cd480bb96b78d4b77da55efbcc99de

SHA256
e6f0c0d1e29a70db1f30cb493345d648292c88cfdccc0d58c3b7554288b5d948

SHA512
5851f1eee5d9fadc76b4d56914d4fd7603a7b59cab7fe8f7e3d60f354af6ba4916b61456b5cd8958a94b5f82a19852009a3411a08e730f2aa6cf684308611a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
d647d5cf0e129134da1baf1f97a58fbe

SHA1
1650a3b8a0e40a582a89929bb0e19169c293da27

SHA256
9dccd50f2ce1f9da1ceb610130179e4286b70651cee9cfa8865836c7dfb177c2

SHA512
4e452f3561582955fcad8818c2c586bbda54709b747e92fa7a6cf510cf5775e4a09817c813d1f3f7ab60d730821863a92e54bd1e9456278f71a1f09d32b1cb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
7becabcd693f2ac602d5e985cf5e0755

SHA1
e582651061ac8afa5d477c50d552d41c5888e2ab

SHA256
db053ba92a51fada7f070900a99535e8dc794341a3282396a3787e849c092785

SHA512
e5d7d14a2750577be37a3c90251f8bef4d37f4d5b90584c0b5b5d88314b35f2273b80f19641c29c99f32274fdc4be4b15e2441a4facd5898b5c06c743623d7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
edf3b94d12feda9fec733db26bcfee48

SHA1
b8a381a326bbdcff3e6cfca8c4e2951bc75e3084

SHA256
1402cb49197f078fc86b8522c42006091fb0c091922f420f78c6e1728e005adb

SHA512
7f8fb7d5de19adf67a504d81fe504430aa8a9da1909e12ae15b0f02aedd0ec732e6225742cd1afb054e29a3f6819605b1ddc0835729e176fdd4975fc71feb17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1.2MB

MD5
d717dc20ddf09d562cc7d4bddc69ea5e

SHA1
3c0a07ff93171250557ff41c1621eebd8f121577

SHA256
5b92638f93b754c48a8050863fe38abcb2ac7397979bf3b9dbfa2ffecce2383c

SHA512
07b48be4727a55e34ff097e8974ba14251436417edd64b3876b09cdfc31220551ab12f6f080af697e23b6cd9afda50ddbbbd00df53fbd538893b62fa43173e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
7ecc0839e3783db1b124b1862b7c19b1

SHA1
ff11ac0d3c2dcabee3dc593903382abb885c05e6

SHA256
f56168fee05ac1fa73de36c0ffeef89cc8d5ef9e41e4a995d84629b6d6caad8b

SHA512
1ebcb548a3489ad950fad71e72582a263664d1f851e9333959c3becf01ad1cbb832dab570376ef2bc88ef3c79016100de843a2a370b8a8d34493fd0bb1cb9251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9800fab2d011bce422ad4f7d0e6e492a

SHA1
92389ddee195a0bff16816881475bda14abdddad

SHA256
5891041ce4d2e81895f7182ea719567357f45b6e83686f69244115e63afc1194

SHA512
22206b7574a9ffec1fe565c79bf99d7c5ceff4d9d36112d0c8e8ec4685b6bb7c7230b233c0ffc06a3c4d8063385f07607c9cee9c345d8f43efac6f0035be83ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a132491d390e6d5338146d5727d510d3

SHA1
e46126fc5e45e7ad0097493971a0567345542e08

SHA256
1ee853d04b1d02c8dd8592ccccc08c53792cba3325ce4d795936afbb3a18e0a1

SHA512
caba00b7233eb58c44f8b03dcac5db6da14d51b361533e99486a12ccad2adbf7857ecc14688411b5a825e41c12c0838a9ad0753d1a8af8d584d6849472ddfac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
fdcc8d4e090a39b9981ef20a9daa2144

SHA1
0c121ed4ae95049c819e6bcfdc5737a99ba8c7d6

SHA256
7fe54ecb09f7198284a69bbf10803e89e3f4376933d0959d83e1b857e1a083ae

SHA512
40abb1e40c69378c26a465e3ba92fdd376e3659b94e354cd969ad7576864531f18c66ed0e6e1747c045d52dc7ce36faa980b8106bf12796967fad522844ce9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
63c79bb12deb56ecd1ac38ec4c0c8527

SHA1
dfebace3d4ceca6d326641ea534850318e9337c2

SHA256
0092784f8745fc6a209f6ea8bd53a70d3e28cdc2a54faece8bceb18f6c0ba371

SHA512
c5fac03891ecf40bec0b0145ffdbe2f3c151b2c2e1bab5ef628f94c8493f1ced2b0bfed2e3029fc06df046df1c90eb4726166eca4d4bbe002bbe415b326f9962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2f7bb26c5c9bcd933f8445b50a567c99

SHA1
9067df97536ed1efe0f19f9bb4bb9e6feebff4a1

SHA256
f4eb5ea2cbd6b8e2b22c1eb8502869be07aa5dc5936f01a9fdb9030117c34470

SHA512
a7824510786e85b209332686360753e19f9c2e82d5b972ddc85e2ef317c68d1404b0feef0f23e18c9543ef00cf7edb74b39d56451f013d69b716a35baa141c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c7f61bc23ae49ae09081084e0d3020db

SHA1
88083f1a4431fa5cb5d82eb18872865253abbdeb

SHA256
6baacb9f07adcbe2869c2a4def28d34d8291b85980f11594b7cb7464774e0c15

SHA512
ea722cfab40ac96315918725b343a28129f96de0e473c79ca8f98fe1e6638a50ba7ca57c647f96607f8b4495386b32a5ff84d64f74685bbfcec64f98d7180840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
334B

MD5
58583a292c9fb93dd15dfeffbf79bd4f

SHA1
6e4adca6a4c6490887e2a6b95d7952fdd85cf552

SHA256
f4a671c6a42e2be44603813cf274b35da52e196f226a58089d2d9f565ed85d52

SHA512
dc1a53d300c143b2da2773e9dbeead869534dd45feebd88ff73abc990713949be2da74a80a7ddf3f63edf8f7ea8ae19cdd6a5cb4b2cf5d9c898354588f2b4500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
168B

MD5
cdc6641a9e55c759be817ec8cca3bad1

SHA1
afe88231001d0787d5ab0ad97b41a4ec5784ef45

SHA256
78895c5a55d8cfec2126b2df9e9ed49cea2d15980abd0cd1180f22e3f63d72a8

SHA512
b1eacc75566a1cc9923019f7c1f10e9c5dd313a4b1721db8e4b05e0a610e362cafe7fd54d92019790fb92008578dae587be3c57766f97436cb6d7fefd881414d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
81789946c1907053f67f04e8951d352e

SHA1
4afb49c576586618fa792499df210313c5b7e773

SHA256
7b0a0d3123490a203397413c6bf11466d0643cd94be8cf3c39b7377a9f4364c1

SHA512
757390a6e945804c5fa9bca6e9bbd1b839502b9eb0e8596fdd4a14622fdf2f8895eb9956a89b00416dfdb04fa37922b4653aabe527a4e4e0d5b9978c212b3ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0a0b1c330a78aba2b51a12366a685796

SHA1
b94cbbacea5e2e7cbeb57e707ff3f8e36a54a1f3

SHA256
4f531e2606ba112927251b653511f6c54b2b00b9f30cbe0f6aec3ee2b3548f9a

SHA512
884de444d5dbc45fe1d9c69e0a84ca50e09645f82e9d518a0e1f5442386f61e2d5f5fd3357d6902ccbbbe1e78e1a85fb0747753940425bb32a3c0b9d652a5f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
56d3f040705f590d5c7906d2558a364c

SHA1
c3e43f3c7658c452b28aeb4f03be44544f0d1276

SHA256
d4954df4797f14cd8f71d609e2ad3816cb167548b118ace7d5a42346d8da611d

SHA512
68cebeecd51b4b1aca1619e2afe805932a0efd19da9d5d7a5cda9eb4bcf66fae4a0d7f72c984b3c9d1c5ee4fa7420a63660acb7cb49af7b7201ed6cb5e08e9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfb26d05849b494e77aa177a36cc9dde

SHA1
38deb83b911cb10cbe5d87870f7e47350dccff4d

SHA256
a463e0509919c74a23dee77e61ed2ed8ea2c8831424f4ce6476dd4c15f11a8e2

SHA512
3f526a204b0f3b48b4108104e558927439e96be9d3931cceb98b0d98bb871d0ce02855c158e64ef2cbf1fd8da3895742286771c93f6b674cbfea6099b302f142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d3e068eeb875efc48210af8ccbf2a5cc

SHA1
862142e11eca2ffa12e10122801557de3cdbb50c

SHA256
d12d0150b89f6cd1cad20ba000374398bea3a255299f5e90e1b1b27061c93847

SHA512
2a31729393101fab611006f260ffd952304deaa06205487b95f8ab4d58b676ddbe44b7a6668d4096712a90694e750bd0b2d795f28abf173f53aa9661073f1544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f5a96e7980ffc97e8a855849969487b2

SHA1
97215f3e80de69735bcd309803c5eff1a99acc9b

SHA256
b85c341b7193eb8a0446d2df60a001c6ee35d6c89b4fa2228be10be4b6496055

SHA512
b2b50d4cb4894e57b3d4e8e0080f1fc6ae9a03b4ee81b954af6df5c9ba32288cd405eeb4fb1708881acdb3512ad84e941515641c894f7a997e5ba2b4a08b32e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f363b7ee0cd25ca65861d5e34051fbe

SHA1
87931e0410c9abbadda206164ddfa302560881aa

SHA256
75f6be256e39db93e4b4c2db42cfd25ae1bb0805f1036b728f0c4498c0a237ba

SHA512
a05edc812821096e0c573b95196fb0052ee1f30bdf03d6088a7fad89bfc5dd5b1c6aae52a9318420bab30505c02f84fcf50cb027077b47f1b526cfc279eeff51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8517bcf7e03beeb5b001314350f02387

SHA1
a4930c4e0535e81a82294b217c97d5d8aa35c5d7

SHA256
7e14deb7a9411871f6f865e5bcf8bba9c90e4681c2472e5ea5efd0a84826aed1

SHA512
671a37a5273ced5d1c8dcd19debb5d4ac84d2aca870318b2baf379180c07a201d9c8ada997a06088ce37154ab493250db7a8856b5ca585435bd3f082de9fcbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
81364e080fb4a1e5070019f92277d70c

SHA1
f37a0e626834289365898861dafa1875aff99c3d

SHA256
1c8dac2ca0f9a25d15d67b44afdeff7c6bdf1f43499cfa990099210a36504e88

SHA512
87e2e0627b880c7a92870c8d5bd67b6c5fef919e1fdff1b56274fbf37b090ddb7be149fb81567e0f6a90bff4be9c7c818eaf49f1bee631ba85c03b166e121090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
27cd2bf9baf9c94e5ad84c3d60b6380b

SHA1
d277ee3ef8e6b10c3bbb6c807ee095324ea9ebd3

SHA256
06ed461e314aab0e3a35bc02dbd51ab4f25cd42319b9fa695f83f2b38045ce15

SHA512
8de4a3b85f95cf36bbb38c130a3a8762103b4cda7c51a53dea1360d0ee7b882d60106638bd13cb75d31a253f317f791afe195f91f51f224bfd7147b5ce0f7681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
472B

MD5
305cf5eb48c57e6f7d3818c34c19d75d

SHA1
7e5ed61ac6c81847f862d8a0f66995f951f7afe3

SHA256
dbf66415fa30f37cbbec9d28b85d25e3fbde0328a52b157edb7a1acc7231862f

SHA512
d55ac099debb443059f8f85d089dcc2c3e7b83fbe6df0e7a9139b792e02a9f4d19b29ce4a9ee5c78d5cd6e3f387837466b6371cd622483ccc130a2c6067e69f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
83a6f4e7580234f2981b1a574047a0fc

SHA1
687eeeecedac15076feec3823e27d480d2e4a915

SHA256
d04ade6fd5bfeeffd4315492ce0dfba498c40654dac4521ed6acba8b86392a01

SHA512
63939f3df752e84ff94652c630eb9267ad9553289ae43694ac8a0f7b15ccec47b44588d3b37b37edde26c48fb414a2a26217e4dcebced97dab7fe0d75744b5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370023679283709

Filesize
2KB

MD5
9944a398a4704fa4453944fc9dd4199c

SHA1
db1c8d2655e0f87d298e77115fa1f15cf79d4bba

SHA256
8be1c67a012fcd1ea0fa55e990de5402454d57e2d89d6cf60254f6524d458cfb

SHA512
1aad89a708a9e58c53c9a3ce4ba3939fdbef4657c64eebdc376e57a81025bc340f5e1b723c11290b9c2f01d8846a0be618808f0ffd9d87a461d6ade9140e5673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
7563a0bdeff7b53d75b8a427e960196c

SHA1
83f5caad9a6f841175727159d92ba40f3a80aec6

SHA256
4eb896af896acee954ed787fb9c2bfa99bfdfe6fd21e1bba951d2fe4eed76f37

SHA512
5197fe640291ebbe70ff9c40618990f3febde3840144e984828e3c7b60d95998e0a82794ddea3ba9251fb16757d7d0672f46fc0023393484d13bbcc3a8302f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
bff28a5a20c9ff51175e9202e3b9826d

SHA1
dcc0842ca0cbf76a3f1b8e8ee5e34506f98899e8

SHA256
26dcd29e011f8fad4b0cd536ed2da6ee9729e6f469b3b0a6b2c682265f6fc4a4

SHA512
98491d9c3396e5b464b6b41b5a1ab7425b51bde7cbf90f23a5a63c12cddc6fcccba6307091ad1deca7dc37003ecb428b9095d6c9d07810191ea619c92edc6196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a1e43f304d7c709b5d6ba23254433c1b

SHA1
394b56cdcd67e063b35ab9932b383a41925dcd92

SHA256
7075b5605eb43e450adafeda08a24ffb8e12aa24cf1cc26211691ffdf5abcda2

SHA512
8402d06f60fc19248be3eea433dec9b5805c59a4cca4b08d9f1a409e2e05ee94e793ed3a03208edcd4a2197f292328517711297dfc4d909b0a55a1ca4dbc28ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae4d7a8821f9702aedbeffb6a69c290e

SHA1
63ab4c796bd2a0caed64be7b8f6a060eab946e02

SHA256
6ac617e532ce54ed8955e5af01755589a9a951aeb85001d615000f1d7716be45

SHA512
444efe336edcbe3ad87df06b0705d29d0edafbcf025381d8d53fd9109170cc9b2aa12186573f78a8fa25fc77c7fd46d17e3dc59ed32ab8e5d81f383481d2c4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e4e1ceba54acbd9c73b4763d546cc3c

SHA1
234533b082d8827c3ad2445030e9cc8d221b3c24

SHA256
2aee2d765123d973829dbe44e7a402143da75bed546cf7d4da2e7367d2ce1b8b

SHA512
ee92ce47dbbcaf7741ec598b63aae23d2a35d227b545645ca9128fb3ee23a4ab65e57fb7aef7a769f86dca810ec091e29021e4e283c32a1ff0987e6519a5ea28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
173ee88a47c10c95269ea9a84916cfa3

SHA1
f9ee0d222ce2b04b26d0989a53759cced14e8b4d

SHA256
790cf270baef67137529f13d82a21f60a03edeb3da895a0afe1411c065d46602

SHA512
78a315cef49de85bfda8a97b77cf13c4751bfab6bde41c580552ac99b4eb79ae9b65d6905ad36ea7b6a9e0573a4aa53b8ea542efad758c20b8c151da593e2525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8dd31ead0fde8bec09759169bbfb938e

SHA1
8e2a29a0770b4aa3d1f30312927416ee0cfa48f4

SHA256
a0bd20ceb919a1d3093db725d11af81905d7ef1c3941991f3b30527d95a82585

SHA512
b8a7a7d6fcc3ddc819cc867946270733b1d8a94b6aff0d056578e2a2f2f1be1935541a0a00239cb85e2667b13dfdf763e425df22a3031e7f1ab02688b1d23159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06cea3cc83832e50a3ecbb2ed216f2cc

SHA1
b218e69812b4e3ce478c049754f44a01bf35d71a

SHA256
5530385d47f3d2df8d38ecdf99b2775eb7cdf048dd980c44410458cfe7f509f8

SHA512
81d386ffc9d2f4b6240ffd0af79fd8ea2ab2f04f6ea0760dde5b1dce40fd5ba1fb4393cc0ff81612985f762661c67cf80401f495e65a613e23df18db0001107d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a875d30a37bde4ddf9103bd5b0b9cef6

SHA1
5ef986df212e267f3b8507dac62ae0ee6c29f793

SHA256
c875fa962e3b147ca19190ac244221c788d1b56ea22b4825b4379b243e99c062

SHA512
e7b2bc5f7a0c659af441dbfe47b2ac653e403f073f21f15f7c96bc9d556a730f0f16079feca206498fd84a6f22b305f3ffc6512da03f642ed8d791b12667cbde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b12fa37c328554c8ea237f84f8a450c3

SHA1
129eac45922f1a39b6b3f1c21ad4ea3fd4364b97

SHA256
faac133334be58deaa943c125dfc11015734e13a8966be8d4e6c2b6451ea236f

SHA512
1b4305144814f0bf7ecf55b845bfcffef18a2bf275de53025c63ed814bc57e3ea42d92e381aab651742758d029b60d34a4d7e91ba1982d377c71607776e83778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3cc90a78b8f3b32c01c25f76d99a1115

SHA1
8471833bbf949e9e94f33e9980eb9df7a9ac7229

SHA256
bca567fd6a787787de0223fd0308078dbe6a142fce31f3954f8d5e6ea4b0e9b8

SHA512
c38a0092dbba53b2cf6aa32dd4c435ddb7656212d9a7e74aff64ca2cc5928e36186471c25bba21e1b1c3a7627e3b175e18c7c656930a7844b2ab8bd8a37fcef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
80c0fd356a2c05705438b7228f2abf63

SHA1
86ec42d5927e7587cc1166336218f075021758bf

SHA256
b121d358b96053d297ba48a9ba527d7c706b4231fa29f600f4b8ddb8e6a48b87

SHA512
f0325b1568106a90f6917a48744ef211a13fba18ef8f7cbdf95d95b5e80fbf851681ecb5a692d90e4430e937ba02fa2ba7b7cb5aa38afdcfeb4a5d858c06294d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cfc646fef268c860e922f4521fd043a0

SHA1
5249cd7e78806bd4ddffa622e5b4cef30f618b45

SHA256
1b34a3755811c4a6ae592948b58b04de18f338c0f20fb763b8c13617bc934ae3

SHA512
d39153872be8b5bfe440d42ef10d73ce86d83834384333ccf3a388d03f0e63d598f1cb34b24730c454a71c75692f199a3ad5fa62c3010875aadbaaafdd85ed3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ac015.TMP

Filesize
1KB

MD5
6f6394d6c65ce1a6b03ed9fe20d07a98

SHA1
da751ef33f112a8ae307e485284ee986d40f95ba

SHA256
38aa269810cac31b5456bd624ebcd59afa424d9990d3079f530fc6fc0ac5637c

SHA512
6ac8f53d9dcdd3b924ff8a8c394d178b356697bf2791f87444c756ebea16734513002f2eb35e860ef2347369096f0bc072f13c3a4fcb716cc7667911f1b67514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3e40033bf422bae7797e6326e5e94893

SHA1
645a249df660cb5f3c665e026c3f8e41b6768306

SHA256
f8faba7717f5183eb558e5c8a7eff06ab1d21d0ba50ec5f2d295be4452446db3

SHA512
8e45feb12acbb572651badc8f83462817984051c1ce12e42e3f44c331264ffe16a2a9830cd5c8524fdc519fb0f55fde08b5439e7be394b0f25c37c0b2d33f184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d93b658f-b668-41a3-b6bc-c632bc44d0a8.tmp

Filesize
6KB

MD5
e36864e64bdd5338ccfa9152e8473aba

SHA1
5897720af90190b36d5e55be4374fc313ba2d04c

SHA256
fc3d17e37048bf786dde7cdb1478e3f7ac81cc5464bbe6184ea991cd98dfc880

SHA512
41315630c82be82f579adde93f40b8f01a6b72c1c7d4884a2711d536893d2301921623fb9f9b38f856c58b2aa04d58d11292a962156cf0c74d28d0893c997843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2704053a100d5af79c61d554581d54c7

SHA1
81906e68d188521b79ce2d428ae33820beb7ffe5

SHA256
b690b52602940d524950aa39076e1f436f7e95281db4062131ac9ecf63aa5fd8

SHA512
b6c769ebd077d9cf925c74871ea3e0a22465802b53b17dbdd1bd134927d70f3b81bfbad9789cc8bf18454d68726998edc8fccff3759925b97845d92eaca3efe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
13KB

MD5
a15a1a1824f8b736a61cde9bad73267d

SHA1
34e64a9cbf3e95b75a85b1d87f0981f5aeb62d38

SHA256
4cc7ef5d546075ecaba670124fd3c194cb3b900f37da0a50a8448dd6c1d229a5

SHA512
ca56fce6fa4b94832cfdf774def223f9036cbf3e16d856762c3ab357ea8f2fe3121efc0523487abad0e998d1e2a538b0d6d26a9b0af4c475af40f22fb3d68512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ee788d01801af428245153d11c7da34a

SHA1
c051ad0b3d85456beb15ad4098a18cfabbca65c6

SHA256
4473e2f3f5bde81824ec0a1addb7e1421f3fe639881f9b6574e1307f7f9b92e5

SHA512
2698403447565814bbf1e58d3c1619e779cb67e6639c107f3f2a748c2ef843044dbc37d760f35ab3171b1376dbcb12c6f133f339db24d02225b537ffa04d0a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
1fd758d5023c1712050f17c50a24015a

SHA1
32cd75a067f9a97b9269a9b13ef7f1d06e0bf920

SHA256
893d0152bddefe254138a9551e1285c94a879f23c4157d3ccc8064f9e67b58f9

SHA512
7c45d13319d1d21ddfde9e80e833468efae37ca4d9af34d12dd0dab74a66b354f1ac59aedd73355b52aac05fa11c1b8118c1cfd1952051467815e926e8282ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a2c0f92473f0772926964a5d622af8b9

SHA1
e66daa9855f66a95952d033f051c938dbc86dbf4

SHA256
9391a13a4b099dae7ce07d89d6f630a733fd41c68b99b3866a15705ab7d460b9

SHA512
c3f446066230c9e14e586cc8aaeca81b3929a1aaa73e61472c7d229614852e1782d02c0c9b780463e68f5b8401765750a3542c1cbaf32b673bffc9a3d8097f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3bbfeb0d3c93934e7bd59afbe023c0c7

SHA1
18de28071b950ab5876249b791c8fdc4497753a2

SHA256
772aeb934973259cb2dc089087c2b99eb99238259a9c2fc59ec42b26635d4252

SHA512
03d14f05530c7978c5e4969c77116703049d6197bccbaad8ff3797f0274bcaef283b20bdd11b7e6e672522da4c5ac77d674a4f8b89a018c8113d0472cea658ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
28efc36b7004dcbe72fbfa2c20b4e356

SHA1
0fecf48bb8ded92bcd40169e7be92ab83fae1f9f

SHA256
c2810337f164a60fbe750cb872446ffcc267e18dce45dc7d72b51b65b2a145b0

SHA512
3eed2fb9642ee5bae2420a13f0e3356039907904f64a30b834500238ec1b42c6cd945fd6f9eb4f6c580dbb03f70d1e797d9f99e036167b46350603ff512fc190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6f4ebeddf97c62743bb54c7df6ac2a6e

SHA1
19260b71081c98f83400c3722b0022643d353d45

SHA256
e42d7fd803a8dbb8b95d314c1932d55efe72900a88cc96a453b476554a0d58b4

SHA512
4bca3eb77f8718f2b243fa1d35a9d697a8d35d59506317199bff395e0ec8b5dbb8d8ac31373f0f70731466fce3b72059819b2ede1a09716b7289808d48ea1e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
5c6e625c369a9319e9f5105f14f6b64a

SHA1
62c7bab29252df0545953ae9095b1f776b284952

SHA256
331f99426cefb03d3427da6f1c435fabd054f313a4865396c0cf1ba8427d456b

SHA512
feece333aaf761aa99de16ef0f40ff67411240cf5d9f5e012ca20bf464a020c7df042c9226a5cf4eb33c86db21cb0803e256936d39fab20a45a246569e31b1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b90449d257de0bfdb5584bfac7c16210

SHA1
e1abd71ccf57737253678ef4b4a759da182b4851

SHA256
3a748d5ae8329c301a9f1cb76ca59e62cf032b4e0aaea5e33dcf22a334acb528

SHA512
711f7a2b5ffc134002b624d69094d2cf12a58ff7d3705cbddbc20a82f333a2813ed4187aa7ba0f4b0248ac1fa2712c8914d2cc738c80657cc16d91a3b58d5be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27d943a0a9596447678400d8267c780e

SHA1
4b0be2201140726b64eaed6bc0cf6c9f869c287f

SHA256
761782d5022ee4626cf64e4ce3ad83df0da6c49dd145bf143ca715a00a046e36

SHA512
f236e8b2af6f67ec053728246a2805abd0c379d6d62d39a34ef6ba9e281c4f1cffaa14439771c92be2da09d987553553c4adfd6b3c6b39f406473388710807c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15ddca0cafa7fcd64e35df09cbdfef9d

SHA1
847fbda44c96ec43160306eece862d097bb2154d

SHA256
511b670ab36209c323c2f662d9a4f8d812b737e6206ac508ae50d2140a319c0e

SHA512
4e43b0812e2dc526076fda1bb6c674d9e5520971c8297b4b931ebc21094c8948fe41f7bfb9ea44964069fe2bb447da8546241666cec0838fa4f2e888a7407646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b126507862c6614b5e6201d517561a4e

SHA1
e1297ee36065db0e36d394fba0950900d6c295db

SHA256
43d0c33cea7c78cdce07a6e0a3b0058be01a849819d2f6d1233e69a082b742cb

SHA512
ade89e8a3edf3fefb9032a28f874df438ec6f6cd39d3079a556e7f7fb1df39ee5bae3189e37f26b707d4111491108718434fd958933b742413441c941ef665f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f30d07cd9fcfb18171a8bbd59ccc9385

SHA1
7723616945490b649e4057e29d38f010bab4240b

SHA256
4c7348aca772a2abcf6e56b0aa9558dbae7f75ebb75b22e574f75ad5598bfc8f

SHA512
3444517ed828caa1468f6d044dbd50f058c4bec400fc83d3b3ae66f68252b9dc15fb4aad63447e3577c4f41e935a2c6dcd6d7d6f3b3c5d2b97a0af2ed336fa99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a4e49e44b79b8d38e93ecc416c8c02f0

SHA1
77a50620675cf95da6130a38d13665704d985441

SHA256
a133909ce64d0f45b7cbb2a509c98035d742c1fbd8f47159a39feb6ac1caa3d1

SHA512
3ab51ba91b5a88b0d26be1bc9ef63d3cf691b1583240216f4dc86b815e52033fbee51e4778717938311af1ef980127f1bf53b4d6023f5d399f5d76ee1ec0e6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c69fff59980ed312a10b3c753a64f860

SHA1
a5aa4052fef72da4fc98b628f3234cd8a3becc38

SHA256
e287d53fcf748e6810e8102ce574f20209809e17e55c365c099540736846d9d0

SHA512
cc5219cfd580e95e7a079b0a36f5da033f14acb842a4238c9f7e94d7829b46b58d69e7af1299818f7c06ecb02446d5ca81efc3f08a56025523c3ca7305506321

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2412658365-3084825385-3340777666-1000\0f5007522459c86e95ffcc62f32308f1_dd06e985-ac7f-4567-b0c7-3752f03c29fc

Filesize
46B

MD5
d898504a722bff1524134c6ab6a5eaa5

SHA1
e0fdc90c2ca2a0219c99d2758e68c18875a3e11e

SHA256
878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9

SHA512
26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2412658365-3084825385-3340777666-1000\0f5007522459c86e95ffcc62f32308f1_dd06e985-ac7f-4567-b0c7-3752f03c29fc

Filesize
46B

MD5
c07225d4e7d01d31042965f048728a0a

SHA1
69d70b340fd9f44c89adb9a2278df84faa9906b7

SHA256
8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a

SHA512
23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\Network\Network Persistent State

Filesize
375B

MD5
90d8ff0d7bffc348a95c31b03a509dcb

SHA1
587747831592caad22424303d9791dc4f41838cf

SHA256
6aa8037353399546d4433261aedd6fb12f4f9e35d6098502eb4c5aee85f88d66

SHA512
ace15be32058c3c35f3e502c70ca8c63127fffac93bb1b3785c941033e26e8c3140e8098fb730a646724d7f3ca5bb8996043fd659341b20a0746078ee43c713f

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\Network\Network Persistent State~RFe5936b6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\wave-electron\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\4c2c7a0c-fa19-4eb0-b6d4-e0931d2cf9a1.tmp

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 157429.crdownload

Filesize
373KB

MD5
9c3e9e30d51489a891513e8a14d931e4

SHA1
4e5a5898389eef8f464dee04a74f3b5c217b7176

SHA256
f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

SHA512
bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 332127.crdownload

Filesize
300KB

MD5
f52fbb02ac0666cae74fc389b1844e98

SHA1
f7721d590770e2076e64f148a4ba1241404996b8

SHA256
a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683

SHA512
78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 420948.crdownload

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 590164.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 976893.crdownload

Filesize
2.8MB

MD5
cce284cab135d9c0a2a64a7caec09107

SHA1
e4b8f4b6cab18b9748f83e9fffd275ef5276199e

SHA256
18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9

SHA512
c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f

Download Submit
C:\Users\Admin\Downloads\WaveWindows\bin\config.json

Filesize
448B

MD5
34a2c4377d1c5052f04702c00ff152f2

SHA1
34b4fdc7a68811cb77ea8b5444bdb63a11bfa047

SHA256
caea3e79bffce8253f2b5996c6b1752b8a214fee7225883ec66c5c2388d10b91

SHA512
8216ce75427004c7aa1064b70ac258558eb21fa93480522cb86aa2f3d9d934bab02eae7374568e6c3dfd965a6ea20e225272e144ac9a54c0dc9d7020462532df

Download Submit
memory/1484-1648-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1484-1660-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2328-277-0x00000283B9650000-0x00000283B9651000-memory.dmp

Filesize
4KB

Download
memory/2328-276-0x00007FF8A37B0000-0x00007FF8A37B1000-memory.dmp

Filesize
4KB

Download
memory/2328-328-0x00000283B9620000-0x00000283B964B000-memory.dmp

Filesize
172KB

Download
memory/2776-1476-0x0000000006110000-0x0000000006118000-memory.dmp

Filesize
32KB

Download
memory/2776-1474-0x0000000005200000-0x0000000005250000-memory.dmp

Filesize
320KB

Download
memory/2776-1475-0x0000000005CF0000-0x0000000005DAA000-memory.dmp

Filesize
744KB

Download
memory/2776-1473-0x0000000005410000-0x0000000005B2A000-memory.dmp

Filesize
7.1MB

Download
memory/2776-1477-0x0000000008540000-0x0000000008578000-memory.dmp

Filesize
224KB

Download
memory/2776-1478-0x00000000062C0000-0x00000000062CE000-memory.dmp

Filesize
56KB

Download
memory/2776-1481-0x000000000A430000-0x000000000A438000-memory.dmp

Filesize
32KB

Download
memory/2776-1482-0x000000000A450000-0x000000000A45A000-memory.dmp

Filesize
40KB

Download
memory/2776-1472-0x0000000000380000-0x0000000000456000-memory.dmp

Filesize
856KB

Download
memory/2920-1703-0x000000001B1A0000-0x000000001B246000-memory.dmp

Filesize
664KB

Download
memory/2920-1707-0x000000001BEB0000-0x000000001BEFC000-memory.dmp

Filesize
304KB

Download
memory/2920-1706-0x000000001BBF0000-0x000000001BBF8000-memory.dmp

Filesize
32KB

Download
memory/2920-1705-0x000000001BD50000-0x000000001BDEC000-memory.dmp

Filesize
624KB

Download
memory/2920-1704-0x000000001B720000-0x000000001BBEE000-memory.dmp

Filesize
4.8MB

Download
memory/3904-1500-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/3904-1431-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/3904-1403-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/3904-1393-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/5020-1349-0x00000000069A0000-0x00000000069C2000-memory.dmp

Filesize
136KB

Download
memory/5020-1290-0x0000000003200000-0x0000000003214000-memory.dmp

Filesize
80KB

Download
memory/5020-1289-0x0000000000D70000-0x0000000000DC2000-memory.dmp

Filesize
328KB

Download
memory/5020-1291-0x0000000005D80000-0x0000000006324000-memory.dmp

Filesize
5.6MB

Download
memory/5020-1292-0x0000000005D70000-0x0000000005D78000-memory.dmp

Filesize
32KB

Download
memory/5020-1293-0x0000000006510000-0x00000000065A2000-memory.dmp

Filesize
584KB

Download
memory/5020-1295-0x0000000006610000-0x0000000006618000-memory.dmp

Filesize
32KB

Download
memory/5020-1296-0x00000000069D0000-0x0000000006A14000-memory.dmp

Filesize
272KB

Download