hxxps://getwave[.]gg

Resubmissions

09/04/2024, 20:41

240409-zgjjzaaf27 6

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getwave.gg

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
63	mediafire.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
2640	msedge.exe
2640	msedge.exe
4092	identity_helper.exe
4092	identity_helper.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe
2640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 1700	2640	msedge.exe	86
PID 2640 wrote to memory of 1700	2640	msedge.exe	86
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 832	2640	msedge.exe	87
PID 2640 wrote to memory of 4180	2640	msedge.exe	88
PID 2640 wrote to memory of 4180	2640	msedge.exe	88
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89
PID 2640 wrote to memory of 3852	2640	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getwave.gg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8214e46f8,0x7ff8214e4708,0x7ff8214e4718
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2296,2736245711308568900,244217662206824842,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
f56102e7a8a894b7603b9afdd7fb5209

SHA1
be7713f75e5221ef34a38b71b57f6b2438bf6dec

SHA256
07d64484eecfce65025eaca9010a775b28ac0cee289961418db60bfd65490624

SHA512
9632b62f7ef3ba70759635b9450db1592faba99eddabe2339cf287756b3823a08c100775242c8d960a42cf5ec3c286cfccea6ec1484574ec6600dfc871b7952f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
251be934dcab3d892861566244620c73

SHA1
1e66565cd3289a6a51536f1888987b17ce590b7b

SHA256
193803ceb9e007b33cf1d3c48ebf0ef13805f0d95ee70d4c07299104f7b8c7b7

SHA512
657419fd25cbfb82a68c0b550a92a9fb0756ab47e2576a1ccdd9bc665994441f0fc35e2dac4638c826582b3862413a9909021fe71d77bf3dfef0757057b30c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
620B

MD5
62117075dd764ec202222607f5c8b683

SHA1
d74baac1c92ef275ea4522fa6d0f9a6c1cdac2dd

SHA256
513b55ddfd2e7ef7ba8395fcdeef81c92868c8114a4c63ba22c2daef527f8715

SHA512
5a62f10698d2bdbd611a6c80c7da6e67ff5872a9569c087cb0b0fd9b0baa06e682591f8efa5f2051dac79db8cfce1a08ab911331fa7d782cb2fce0239db3ad1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d22f4b0b02b6081000fb9f814ec016fe

SHA1
0b03cf0593b3942682f5bc8569b773466865b925

SHA256
dfd7394ae4a7051e8e28ae17bb567058a58f8f42ba40025aaf434ee805e44f46

SHA512
90a2714d9b94e258bae4a4fc6aa7cb7bcfca8cd7c85cecb8e239e3e08adf43155d4cb0685f2cbe0650711a83c00f34f5a1c8aec2264533c2a780e36c3fa0b38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d188ff723e2d3b77dca2ff2f5b4220c

SHA1
c028337be10a5f1dc1c43bfb033a041e6a145755

SHA256
e900c17899d8fddc6b4113f96ad8fbcb18eb66ec8c9d84dfc620ab4a5f3ee499

SHA512
a0f679338cbb49d374e4339030e876298a08e10aeaec9b7e4c8d172f8a406d2f2e068ca126d7ea4754c067ed23296458a137c704ea4a77e7e1eba8cb86be5b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55d240fb3784bd4803afec0ac2c44cba

SHA1
d425f50dd69eb51829dc892fe63ef3c3d785cc37

SHA256
25bade536ee355a68f11c6e45b9a1a210197156e845b372de0babcfc2cce2ead

SHA512
8130fc8bb40e649dc1af4f3cf356ae0196e7eac82d01d1c339ad15637d202fa04bdcd00b6efa20f57a21597e475f18e3976ee2855d1a9a6c501ebf05ca138933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbacb21c6ed178aec1d62d7b5c389dc6

SHA1
5b44481de43783cbb789134526ed88ea109cf339

SHA256
696cecaaaa3544ceb23db7f56f78fe10b8cef61d5507c889396cd4a9d47980d3

SHA512
542c1d52d381d5e68a5a6d4c6fafabaef680b6da9a486e5644e747eef17d84c26eff4d3e14fa9095051cd612d6ae58f61f32f39757844ce9f904cb4625ee7e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb66c07824f7aef584f25669fabf33af

SHA1
e6e356146a36085b9e89e87c6b8f58e3cfb0f496

SHA256
fb2e5b356591a9c788bad4f94b49c2231f58191fa47681d368bdc4271fab9f88

SHA512
8b7c43c0621a25ea9d0fb775fbc680090dd3689a9885825056c2af4a3712949808d9731d18989238df5749c5546e8d926ec1dfe16faceb19831f088d4cfaa31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb3957302c9aba967d886fcee421b307

SHA1
1627546408c6c2f6420f197d07bde3afab2dbc60

SHA256
b3abc54437bc8adbd74768a7326dc59bf13f3bd16c1a19e0a21af48c877b980f

SHA512
6e04b7df1193118189d7bce276f3debccf807275550aca5b81658038c2085bebcbf29609235ce3fef4a3df1c0fda7310dfa1c3b1ada0ea81574a29a19dfbbf36

Download Submit