344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a

Resubmissions

06-07-2024 19:37

240706-yb36ra1epn 7

06-07-2024 19:36

06-07-2024 19:32

06-07-2024 19:29

06-07-2024 19:21

Analysis

max time kernel
594s
max time network
596s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
06-07-2024 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WaveInstaller (1).exe
Size

1.5MB
MD5

c822ab5332b11c9185765b157d0b6e17
SHA1

7fe909d73a24ddd87171896079cceb8b03663ad4
SHA256

344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512

a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
SSDEEP

24576:9viinbT3ipyqwPx4x3RyFoBkkAd04wJAAh/jV1gJcPNZI6fntX3HOt2pbs81ind2:EinbT3ipTD0anywJAaD/3U2pb7indT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

WaveBootstrapper.exeWaveWindows.exenode.exe

pid process

400 WaveBootstrapper.exe
2064 WaveWindows.exe
4756 node.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

4 raw.githubusercontent.com
7 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
400	WaveBootstrapper.exe
2064	WaveWindows.exe
4756	node.exe

flow	ioc
4	raw.githubusercontent.com
7	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647683648021310"	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

WaveWindows.exechrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2064	WaveWindows.exe
2400	chrome.exe
2400	chrome.exe
4576	chrome.exe
4576	chrome.exe
2272	msedge.exe
2272	msedge.exe
2124	msedge.exe
2124	msedge.exe
4748	identity_helper.exe
4748	identity_helper.exe
936	msedge.exe
936	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exemsedge.exe

pid	process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WaveInstaller (1).exeWaveBootstrapper.exeWaveWindows.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1604	WaveInstaller (1).exe
Token: SeDebugPrivilege	400	WaveBootstrapper.exe
Token: SeDebugPrivilege	2064	WaveWindows.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe
Token: SeCreatePagefilePrivilege	2400	chrome.exe
Token: SeShutdownPrivilege	2400	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exemsedge.exe

pid	process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exemsedge.exe

pid	process
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2400	chrome.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WaveInstaller (1).exeWaveBootstrapper.exeWaveWindows.exechrome.exe

description	pid	process	target process
PID 1604 wrote to memory of 400	1604	WaveInstaller (1).exe	WaveBootstrapper.exe
PID 1604 wrote to memory of 400	1604	WaveInstaller (1).exe	WaveBootstrapper.exe
PID 1604 wrote to memory of 400	1604	WaveInstaller (1).exe	WaveBootstrapper.exe
PID 400 wrote to memory of 2064	400	WaveBootstrapper.exe	WaveWindows.exe
PID 400 wrote to memory of 2064	400	WaveBootstrapper.exe	WaveWindows.exe
PID 400 wrote to memory of 2064	400	WaveBootstrapper.exe	WaveWindows.exe
PID 2064 wrote to memory of 4756	2064	WaveWindows.exe	node.exe
PID 2064 wrote to memory of 4756	2064	WaveWindows.exe	node.exe
PID 2400 wrote to memory of 1940	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 1940	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2372	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 3320	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 3320	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe
PID 2400 wrote to memory of 2108	2400	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe
"C:\Users\Admin\AppData\Local\Temp\WaveInstaller (1).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1604

C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
"C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:400

C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
"C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2064

C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
"C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=2064
4⤵
- Executes dropped EXE
PID:4756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0x84,0x10c,0x7ffa4699ab58,0x7ffa4699ab68,0x7ffa4699ab78
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:2
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:8
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:1
2⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:1
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4236 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:1
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:8
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:8
2⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:8
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4924 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 --field-trial-handle=1772,i,18348725329913337895,12431696771988663546,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa53e63cb8,0x7ffa53e63cc8,0x7ffa53e63cd8
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1860 /prefetch:2
2⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
2⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,4089707375051675648,14108618756619786830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5232 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9be59a08-d2ba-4a90-9bdc-4176d4ca3de4.tmp

Filesize
7KB

MD5
c67eef4c01de3a1b4520d8568596b60c

SHA1
6b574c26903ebb3c8a268249ccd6651766ebde65

SHA256
f3cef4c9db85db2b909d35eb5bc995dfdab90cf2902bf5cd88830fe51d695361

SHA512
42657b307e6f82efd7aa0e3bee3229b7e512f733d7e8b7040ede867540e2bf2ba50e842bc66a108868a0d12a20ca1faa19fe20cea5a427ff688adb7a70fe2b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
04dcdf3876efefd71cc37633e8568d15

SHA1
a52e705cba8f449b34a032274103a713e2665bec

SHA256
7370daf0e603b5b0e584eb52ad42f66507216769132ec97e3a64cb6487751533

SHA512
b43fe54a1c504eb9afcc0f9346808d3bd93600273174780244bc4970d652755ffdc9031f6647990bc081bfa0318ab295497ed421e3be7504d93cc55df3bb418d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
47ea05a7fe5de05ecb6a95d244ca5330

SHA1
8f3a180d793d83320c761c1b811c2f52f09f81f5

SHA256
e9676ab618c73c02722351005200bbc8ea5a83c865bdda5655293735623ff31d

SHA512
1005cefd5c5472ea6edb3f5f9796643c151f2454b29e2e444298b139e32a2fbd572ae4dda6ee6dfa74430b9179363337242e90b581dd966b746842d14d0e63d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
65c448492c301fc53616ad4e12d21dc4

SHA1
abb9d99ef15451c05985f262509b74f127fdbcee

SHA256
59ed59a287fedb58929fe7b4b9e9df7e353dcec6ce069d54e23352bc60f10783

SHA512
6794ae00e9265d83629c9e44839cae1b3aa5b47164be87ce0ba4ddf49645375112b171a798362c54d769bd97677e5589e81ae9b40112a8c11e6f6feb32afa330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c9a6286ec40ccfb5e280bfb44143746a

SHA1
e0a469bad45e6950ea6b31bd55647a6744806275

SHA256
1a8d44afff03295813584282cbb2f76b2426366041aee4eb3f67985c76e35904

SHA512
2678cb16443b87ec50a130be9c08aca066ae08b81ab8bc83194c035c49c16837339e77f52813a5e537cf5a105a6c95c004fc12cfce14d1c62150af543392b84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9c975be9d8ddc8b31df1e58a5795e96f

SHA1
6db5cc0e1c1015613e07864b86c335cacd873d4e

SHA256
b852b878b6224e5a40217b07ecd7c87a2f1e80706968cafaf56832c25ae88998

SHA512
2512798cdce38142ac723eb0fb5e7832710fb1db61c7ff0561e3fb18b2fc87cf24df87e900dc35998e246ab6b944c18681ce7999f7aa2515ec494937828c1923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b55b4edbffb847b7369bba599433246e

SHA1
18bd98630249047df3f26027c625c98f51e61e33

SHA256
f51f88b47ca140bf3823e92f8fb0c0320b3d22e8cdac19bbda5fc8926de6d49f

SHA512
fd33de28fac52406ae2eb0280542852b95730bb362adce4c5819cf793a837616da4aba45a285fa98a34f56d57985c900a542a0839ce3504c1ffb51465d1136c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
acd406474cc254285f33760e19dae2ca

SHA1
37b55111694ba259be0945d8fe5ad4fb41d39a28

SHA256
c5b4249f9b0c9878a1761f5033aaef4bcfab154830d75c3469b6e90fdf3233d0

SHA512
b3424bc97aae6fd86de6210513419118f436876587a0d14b4fd9066ebb0a0d7817259cbf12083b8d3cbbb07d763f72c434ba6e4e0c137f9f266b7fd63826478a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2aa88adaaf056fda6178d190a3789158

SHA1
b6bbf3bec0fc5c2258b58da51be3377b88fca115

SHA256
1b098117079eba4b4127811fa237218052c8b370d1070dfccf29074893aa6e3d

SHA512
0f52ceb018ad456b7fa53a7c89671ff0a36481b378110df9e89623fbca1b6484208b0ae169c786c2ee7992dbc5148104a5b48c6905e66a7a0b2dd738efffde40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
142292316b1b44930c21a3c642bfb680

SHA1
9502892d593903c9e81c1536bbc365b7ee2036e0

SHA256
602a046bef617b4aa3fad733a90ca7d1e1665bda828a4c407851e6131fb7ee42

SHA512
565620bcd279d2b91612c744fc21df5ee8f5b4e363852cb7eac8ee8e2c1dfc9d8062693ab02b635ccfaab62380589a5e93cb7baef5f42bdfc1578085c568114e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b09804d229bf89437a6761d3636917fd

SHA1
6121a161db1233cbeaf569953fb3c2a596fb2b56

SHA256
2d30460f0553b21f849485dacf06fc9eabfd01ef3d49a77d76ea3dc25b9e1dff

SHA512
aff917ae30ec950135748eadb007c67885960713de27619a9d15e8d67ff597fe02a9fc9b7b81f496a2282162f5f903bd422f91eea5c24eba76914945289021fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d2aa28cf17625b59006f295287556a1b

SHA1
80c82df41a5f1e3d7377f65ec780770e3b303a39

SHA256
f187496d1d642cac50115beb28c0f1224c593f0671b71fe6f115041df5367521

SHA512
1ff3b7b6cb5522aa83a6db68ae66a4293f5f3aa10e8ee9109ac0edc7a515cf75e0648c41b0d2ef68a22d7d97d3f53b1ca81f498ab42df2a5ae64698c13914e30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
974c17bbd1c841902cd2089fa5c72df7

SHA1
816f888889ec23fa7b085c8708fda5ad94ed4628

SHA256
b68bcc15ede91564daa9705a2dcd51cef72c96bcd3d847d0854d490ba453d7e2

SHA512
24201dab5148b8d6f48c34094c82d337638eb671ea07286b0f8d1794010464dbe6e10781bdd9f47bdd1a4082aa2e16c978abd1805d8998f2d43788db60cef49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ac15a7e5077c2d34ccf23c6d6d0e3fb

SHA1
3d67e4b224b83d095edf9b1cabafc8da72147db2

SHA256
2352af188954592d4a373333af906e79c73b9dd5df1c8a7fe64683585a99d6c6

SHA512
d706a50146b89442a2f09c325910daf718ec27419712d283f539173816a656087985a712b816faefdca83f9bdb7651d9c36a9fe5fa371163f6f8bab345056784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d87c12b40c5e7cacec10e56b2599155c

SHA1
2f5cb61837b7faf8880f807bab64f0bd8f9bcc7e

SHA256
7fb863fa70303b695a89a05282ee194e9672610ee9a05902cbab8c65ddfb4d71

SHA512
3425413655b76b06dc630b105002a935845db9d5666f284a1b5d0ca3d9d52d4868fbb15be40a78558db127f8124664fc1a11211efbb397991484253d9c988656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
1729b5448b2d1cb7bb2d301c9ca8ba3e

SHA1
3aede09dbb5aea498c9781797f71aa6665fb0dcd

SHA256
101143daa129c7f4c8feb3638dff53a2be3ad3ffd92e268a38c848a7e55cdd16

SHA512
ee286c33240b5f35114ae9da2958e0e3b0ab10aea166cc0779580de1f18c50c3baa9144a530b6cf30c012a63136627615d1f7f86586d6136b609b1aa6d03e113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
343287d8303fbb41827751d2b335cdef

SHA1
a82e902a7c0738d82b3338cc31ca77e411375662

SHA256
9943d1902d8e185748706bc343dc9f24ab8f4988630b45510fe7c8f8a1a11a71

SHA512
39539f003eff56f1e81f7df049af418e946fef2d02ae5d21d6535a841b585053e5a012665074a980bd5f4c83a8b46efc5bfbc638cedc350e5a632e0561fef43e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
9411ad004fc94ffb80920b3b72e5e7c6

SHA1
3a8235d0aaed591b1d93fe260f2aaf0a368e47a0

SHA256
804e25d5f159842c1c1ac3e8563afc251441302d4f4d24b97c5b642a7d36d935

SHA512
22606a9c6191c0aa8542a8119f9a78d69aa9667b9c18fc722cd8012a7093a55cf1c4a4902639b1a646b548f3f03714becc420defd97d2121c9031a07a594d7a6

Download Submit
C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

Filesize
6.1MB

MD5
6b1cad741d0b6374435f7e1faa93b5e7

SHA1
7b1957e63c10f4422421245e4dc64074455fd62a

SHA256
6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

SHA512
a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
640b9bae54d22b45b4d52a96e2f81f13

SHA1
b1c7304e9abbe1759f8df7f88ca2c6354b42fdf3

SHA256
834c17e205445d197a64177b76ae0bb718bfe2eb8ffe492f008946603edf80d4

SHA512
8baaa3339cddca01a018e9a0900426a7590f7107c55372d65fe932dd570bb4289238977396037c9bf73157d6bfd7f1f5795842df39c354200c2af1a84014e6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b45c28d31ee31580e85d12f5ce5b6a46

SHA1
8bd9a23f3141aa877711fc7835446b8783b51974

SHA256
d944d6021a2fdf016911aa4d9e8b437431fa4f92b0229b9e3322b4354a4b19c7

SHA512
3628da551c52367a4b54ca0cb7c401f7d3a8dd37375b3b57d82adb06c96657ac55d593ffa7a9f000f74ecd7e6d35562a96013d0c70b04123f055a4d2af72aa3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
307ff3a6ad01d481677e7b3784e530a0

SHA1
9a71f9ff4c46c44aae3a82c5b7c9072621a345b9

SHA256
7db15767cbc788ed57db1f9fc6851989f3d4f02c3bc7bdc6f099ef4e548776af

SHA512
0572e6269d3e30b2d727024861809408b3f80a5fe701b24de452e204f7d1bce23548c54cebe0bc91c2ebef565bc199f4d718ee16f20bfb47d7bd7653bba86a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
51b4862ad5f7db10dc3c190e9f36509c

SHA1
6f0d9641344a82eabdf646439b00a546c58234c4

SHA256
ae296e991686f28ddc5ae1ed6ec63bca86afed31e582369ab88dc8c2f23537ca

SHA512
c09c067b7e8d472d979b1fd44ec9395040fa4f6f27a132f9dcf557209b9da60ce94e76837946a01db7f8831323b603528f94e06d14b2ba3460e652a179d5d83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93560467c891a74039b34b2412a021dc

SHA1
fd1d90f6b84f43515f50c3908a82eb995dbb006a

SHA256
d8cc2bbf7145c175fd374138982c1ad548b1ba2ee7ab3d6e3e483f7779468155

SHA512
f38a87c06cf65abc2b2b33db939c5c90e30e54dfe16745780d775172ba8a92059f405581d3a0095b3bd7309ff0a3d34af5b53da2b36ffe1204fe8fc041ec0c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f64dd771c304aa4a0f85bdca4000620

SHA1
137378e55ad3776237afcd98bb9ad24ef21776f6

SHA256
169a0a23c6294b7c91d0e27345b9a8d0ab550f0d29fe64e6d3cd39c3fca299eb

SHA512
a8c7dafbf7d01f5320eec55c1ef9cbdc123c11a026a06e334fe304100d49ea6de34f9da3faba3fc79e74f08bba92e8d232325cc7fca74340c15323d6d7db9aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8f08eee488b26666c21c3bd186b1e88

SHA1
ed792b49c9a6da856a3a3ef7df095602c9a2f557

SHA256
a26033476813ae419694ec72bfaf9e42864d7e66f479c54600178ec6832bae15

SHA512
9c1ceaa965b4ac7473a845263c1d26139b152ec082c67a26742fc99724a0203e7f1dc8ab879d5132c9b506f2cad4fed892b686e1afa3d406496b90d96f122d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb137d778b9e33dbf3e2f669d021ff73

SHA1
921717e7d16eb0461d4df9111151ab223b09a850

SHA256
760ad996e59d788e0ad7b0603890221930bcfe984bc1a88219da76e396667a4c

SHA512
bca44c0eb8f069b85bd793079c4ac5d43da080a8ca1d1918db99af9a2c37267c21cf3d4e3186ec9e1ea44583416ec2e5745bd25721b9b15ae805514a5c2a4f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0b78669ba530444e9ed5481c8148381

SHA1
31412f77f0dab6403473c6f931c2931275634e43

SHA256
6ce161ef6789c303654dd86a7c6d63a89a54abc8f952a2933c639c87ef6720fa

SHA512
d947d7177b0d42da75f525970ac916d9ecade02377c8b62c726a57bd9e1fa98449828d91f8eceee611279c2434d3dce1c104fb131c8c15f3f7907ce425be53f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c32c5b3a5579484b9f613ad9236fd9ef

SHA1
e9faae19b743e093b40940ef6fcd816ce75d629d

SHA256
6f666aeaa0e4882451bb928c830d0eb69e05b0b49db64b08c985ecb946cf47a0

SHA512
c4c77657b70e646c003bceadda9bfa7b9984ef8fe865125eb1fed68914185aa04642a4b533b1550c2e87f43b8cfc3c49fb8b494145498353e85a38e60e4e4ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38629c606f811146312fff48de490a6a

SHA1
f4cc568d678945d684cb273cee122ab69866864d

SHA256
38fc41c0e2e87fae44aac370c0ff47672a92cf3a2ccbaadb328d1a23c3f076fb

SHA512
660d75b3cdcf5817d6c1e07f0feaa433718e0ec86f24ed4ede3a74a8e6ce1d635b17de51394535acfeabee37c4d530b3e868fa790a4cabb5fcf8c8dcff11565c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b5427.TMP

Filesize
1KB

MD5
c9b5620fdf48f5fe7cb7b68bd88d47ae

SHA1
6c2f6cfcae2a731ca3766fa16cf1924718aaeee1

SHA256
cc2e6fd65d044c6ea9b5c620a625425b03038c1c5a9551294bc8fb70bc0f8eed

SHA512
30a70d10de9c053f1c0f2ad6909dab3d65f9cab5114dc3ddda80147b5e355f1b46e2c587c1b99adcb405db28dbe487a8cc355eb5acf99723721d20874d3ead48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcc20a3b99050a502891b3284e2de1fa

SHA1
a09e978d2194124f0fb4e9f6ca8a5dc482fefcd6

SHA256
f5e5044859d1fa06166526520a66857d4496f1f7b6a6c437722b3b9deeeb27a8

SHA512
c19e66356b6df4859414f908b7f01a839015c588a13427add090769811972b385005340bc6dcd278e7e506f80fea37728452ad57c9518c5aaa7d5846fcb30eb4

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

Filesize
949KB

MD5
8fb51b92d496c6765f7ba44e6d4a8990

SHA1
d3e5a8465622cd5adae05babeb7e34b2b5c777d7

SHA256
ab49d6166a285b747e5f279620ab9cea12f33f7656d732aa75900fcb981a5394

SHA512
20de93a52fff7b092cb9d77bd26944abed5f5cb67146e6d2d70be6a431283b6de52eb37a0e13dc8bc57dcf8be2d5a95b9c11b3b030a3e2f03dd6e4efc23527a6

Download Submit
C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

Filesize
8.0MB

MD5
c0563fdf381a1f1274c8b2729254f19c

SHA1
f053b238515f9b8cc4f763f8bc6bf321f160a499

SHA256
b625a539e7d439938f6864564cbcf00a610e9f29415cde7b1ebac45318cdc371

SHA512
c8abf1aabd44aff41472d2bb595c5a6c5e0c4b5dd9f2809d9ad625431fc6d12b8122bbf394e0cf0e4a71998136791942142d4a461c477981601e3c0dfd513bb5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Desktop\Wave.lnk

Filesize
1KB

MD5
535a4601ac3e93c924b286f5abea85cb

SHA1
8979293d083f9a07a3771a9d905f0306dccfcbd5

SHA256
56b1bbf6604a23b2d4fea470ba4305f8682821693e610e836b43ae1ce8ef055c

SHA512
b48ead2437dc32ab081179bb99e2ba4c4643e54bd328c7f2d784e4bd05eb764e263fa9ec1d492983fd3f5dcaa190b0b7554e8afed4410e4c5f3cc9ce9bfbe59a

Download Submit
\??\pipe\crashpad_2400_KBMDWZIGUXNGYNFT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/400-249-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/400-236-0x0000000000440000-0x0000000000532000-memory.dmp

Filesize
968KB

Download
memory/400-237-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/400-240-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/400-241-0x0000000008510000-0x0000000008614000-memory.dmp

Filesize
1.0MB

Download
memory/400-242-0x0000000009310000-0x0000000009326000-memory.dmp

Filesize
88KB

Download
memory/400-243-0x0000000009350000-0x000000000935A000-memory.dmp

Filesize
40KB

Download
memory/400-244-0x0000000009390000-0x0000000009398000-memory.dmp

Filesize
32KB

Download
memory/400-245-0x00000000093F0000-0x000000000940E000-memory.dmp

Filesize
120KB

Download
memory/1604-15-0x000000000A670000-0x000000000A706000-memory.dmp

Filesize
600KB

Download
memory/1604-8-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/1604-1-0x00000000000D0000-0x0000000000262000-memory.dmp

Filesize
1.6MB

Download
memory/1604-2-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/1604-3-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/1604-4-0x00000000057C0000-0x00000000057F8000-memory.dmp

Filesize
224KB

Download
memory/1604-5-0x0000000005790000-0x000000000579E000-memory.dmp

Filesize
56KB

Download
memory/1604-239-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/1604-6-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/1604-7-0x00000000748F0000-0x00000000750A1000-memory.dmp

Filesize
7.7MB

Download
memory/1604-20-0x000000000A800000-0x000000000A80A000-memory.dmp

Filesize
40KB

Download
memory/1604-21-0x000000000B690000-0x000000000B69A000-memory.dmp

Filesize
40KB

Download
memory/1604-19-0x000000000A790000-0x000000000A802000-memory.dmp

Filesize
456KB

Download
memory/1604-17-0x000000000A2F0000-0x000000000A2F8000-memory.dmp

Filesize
32KB

Download
memory/1604-16-0x000000000A400000-0x000000000A426000-memory.dmp

Filesize
152KB

Download
memory/1604-0-0x00000000748FE000-0x00000000748FF000-memory.dmp

Filesize
4KB

Download
memory/2064-250-0x0000000000E30000-0x0000000001632000-memory.dmp

Filesize
8.0MB

Download
memory/2064-262-0x000000000AB80000-0x000000000AB9E000-memory.dmp

Filesize
120KB

Download
memory/2064-261-0x000000000A310000-0x000000000A386000-memory.dmp

Filesize
472KB

Download
memory/2064-259-0x000000000A0F0000-0x000000000A122000-memory.dmp

Filesize
200KB

Download
memory/2064-258-0x000000000A020000-0x000000000A096000-memory.dmp

Filesize
472KB

Download
memory/2064-253-0x0000000006090000-0x0000000006098000-memory.dmp

Filesize
32KB

Download
memory/2064-252-0x0000000006170000-0x0000000006210000-memory.dmp

Filesize
640KB

Download
memory/2064-251-0x00000000060C0000-0x0000000006172000-memory.dmp

Filesize
712KB

Download