hxxp://wavexecutor[.]lol

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 03:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://wavexecutor.lol

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{A52A461B-8300-48EA-A89A-F1C5C3627FEE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3632	msedge.exe
3632	msedge.exe
4988	msedge.exe
4988	msedge.exe
4584	identity_helper.exe
4584	identity_helper.exe
2180	msedge.exe
2180	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5868	svchost.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 744	4988	msedge.exe	83
PID 4988 wrote to memory of 744	4988	msedge.exe	83
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 876	4988	msedge.exe	84
PID 4988 wrote to memory of 3632	4988	msedge.exe	85
PID 4988 wrote to memory of 3632	4988	msedge.exe	85
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86
PID 4988 wrote to memory of 4060	4988	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wavexecutor.lol
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc801b46f8,0x7ffc801b4708,0x7ffc801b4718
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2064796380861331020,12941899026893472308,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
61effd364ff7ba899a489226c9f8c953

SHA1
0765efa5e115c4fdcf11a09f275d70213f964cd5

SHA256
fef962a918d772add475eeb8f0fdcda853bfd8e18f66707da8ca87e118856d01

SHA512
71bdc69c015bbd3bfc44fb6b319e03d17d324ed11ea95d4cb9b0bf6605d5646bd848bea23d7a2bdd89d9ed872e492099f50c452c709982d9567a611bebf9a674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cb400a0ce593af5417da7e87c4b8854a

SHA1
141aa27a04b41ec716e2c7433c87a69d4841638a

SHA256
c53c10c9b946fc2a5ef73e05d746e462f3ac6da2ce70b3e981e575bfc0dae9f7

SHA512
5dcdd6e689b7a5b3366585f9a7103afc0e9f803878a0cfecb5b31e4c15184e81fb29f4baeb381e75312302538704f7cb606b0791ed80680dc6ecf31592c2f941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dccbf6790cfee78a4056d8c0ed065c5f

SHA1
54cd484f3862e4ab1d9cdb2eaba7eabbfe810461

SHA256
f2ba4ad234c9967e0cd7923db329613e1ea3a94eab9c818ad6f9d145edac37f4

SHA512
f758c9acb587fd8796bdaaf025aa93876ffcbfea95b2082ebd5ecb1c25030a8974817f70024b924300929e7b49d785826d9a317f472008c35fcb1c6ef75b7cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8952b1cb26e55036eaf2622e8ad4bf11

SHA1
7dd2e42ee31df89ddd3a36d29d402ba4d99d21c8

SHA256
4ea80e30d4c02f4a762d6821e7e43e5ee8f7bf722da05ddbf2592406c80a88ce

SHA512
e312c07554c05d7696b4a52007e617dea120b971e068b85bc5075244f6715ec8e4912429eb489af39ffa2a5829e47ab2a511b99095af412863240770ab691e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3841bc16ef745a6c72e2a89871063bd7

SHA1
93b41b97ffc264f4e302bc573fc99aa826f23b53

SHA256
94fb4a192c4283356a7a3906e4088a83bdabc2fa3cab7abb406bf940877484be

SHA512
0c4b7e67c2a8bfd982ee3109514be6bb0b59ae453614d0881d751ebd7d7bef179953388f8fb5493ce635766f442828bc5a9d28a96c5aa247961c139f798065bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
619c50b9d1f2c4f2f42958bbb6b5174e

SHA1
e7a9de2e1e886b33c24d45b9975d9dc63936249f

SHA256
05ec02e5561b1bf26db63280932e7a37fa25aaccd7915bff0b984ac886f4d902

SHA512
8c6d77082797717f7fbab1c88afffad8264af982f6c93f181ee218ea155cafa8ef93205ee973a6948dad9cb3e58e06eb4bf0246f47d197e67a402f471b6a7b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e6c9d76a7290bb7046f6ae521fd80dda

SHA1
ea50072a0a1214070e2e2569da05326af836738e

SHA256
a806188e1a666084d3b6a88874ffe2cd179daee5eda6297140f38765bcde78ad

SHA512
414bb5cfbb21b2965328b9c5c357f6dd609e0feea82ee1b1643e9912109061d72efb8df1fc6eee564bb3c54d92bf11e4c5380656053369324077839b2b653b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22807966ac7e1d5f5021e58c2a9bd6cf

SHA1
5d850918d2ba4453ee3b2d75a60814e15b0843cb

SHA256
96a877ca52a08796fda19c51f7bb9d545f51338234ffebc38bd16d5672a119d1

SHA512
b5deeb3df69fbaee9fe51fbc1cc57a2ab14b3ace13814d2995dfa0ae2a873dadefd2604a6195d3ee07c7c70ea5e529ac723d753602caef9ad4d66ddf78157896

Download Submit
memory/5868-335-0x000001DB38F90000-0x000001DB38FA0000-memory.dmp

Filesize
64KB

Download
memory/5868-319-0x000001DB38E90000-0x000001DB38EA0000-memory.dmp

Filesize
64KB

Download
memory/5868-355-0x000001DB41440000-0x000001DB41441000-memory.dmp

Filesize
4KB

Download
memory/5868-351-0x000001DB41300000-0x000001DB41301000-memory.dmp

Filesize
4KB

Download
memory/5868-354-0x000001DB41330000-0x000001DB41331000-memory.dmp

Filesize
4KB

Download
memory/5868-353-0x000001DB41330000-0x000001DB41331000-memory.dmp

Filesize
4KB

Download