hxxps://waveexecutor[.]com/

Analysis

max time kernel
1038s
max time network
1040s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01/09/2024, 14:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://waveexecutor.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{FA3A78DC-D583-4ED3-B482-F3A845E320B1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
5956	msedge.exe
5956	msedge.exe
5772	identity_helper.exe
5772	identity_helper.exe
5708	msedge.exe
5708	msedge.exe
6060	msedge.exe
6060	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4432	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe
5956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5956 wrote to memory of 488	5956	msedge.exe	80
PID 5956 wrote to memory of 488	5956	msedge.exe	80
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2308	5956	msedge.exe	81
PID 5956 wrote to memory of 2068	5956	msedge.exe	82
PID 5956 wrote to memory of 2068	5956	msedge.exe	82
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83
PID 5956 wrote to memory of 2344	5956	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb74d13cb8,0x7ffb74d13cc8,0x7ffb74d13cd8
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3936 /prefetch:8
  2⤵
  PID:276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15910709415604782573,10479635979266460557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\788e48f1-a2e0-4436-be04-a86a5e29eb4d.tmp

Filesize
11KB

MD5
32172c42987e725ad08457a85c232847

SHA1
3443a1dc5dda6ca5d86e6ee248c2716f8bf05ec8

SHA256
0932e73c939216a92c1c4aa4bd6c6d95001d780015845af0785fdb9903ec8418

SHA512
6b21dc6ee09170db7c9dd9f17d284531bdbc729c8f932b520214fe0adc5da2f85f6ab9a62971d93d5497bfbdc8849e02e5e739f125b742169d01b8b050a817a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
232KB

MD5
6cf83526919e2c39b12ad0fabbe14542

SHA1
9921389f4b958bfa622aa2f8ff6bc893e38e30d5

SHA256
6bf5dffc7f23eb0fd6bb5816831b57aab67f73df1ee9f78f9303891c9d424678

SHA512
5c0c2b6db46e5bebe9881f407dad6b2a26068807f21d5c02b80ee14e07b415aa1d562632c11b427bbc3b53839027c92e34f3df8a1fcce8d53415eb8ff9620bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
47KB

MD5
2b5dfb1918c67607a49e6f784b48797a

SHA1
a8830395cceb8de7687b3b751c6626546f307d47

SHA256
5aa5e0d95839092c4545fea0928eeffac76690e8adf533d97b600e97250dac8a

SHA512
eaab7c07e1dc33f43aae512b77a2217af2189aede83c97dc73f2be7a17da5b1a242f47c7bd272ab13c9513d837fce6ce0ed0114b27971543370413b2a9c5dcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
753KB

MD5
2a283c0fc03a66ed6276ac8cd23b6c99

SHA1
79cbe1c0c2f1e3acb5e3d85970207024ba1c757f

SHA256
0d044d038870bdf1779be17b1ee25746cc8f39848a22b5960a8bdc591d042da8

SHA512
7d4126e07c0dce56ad44a52c21e3d12ebbf74336f51a389d2ed47b798f9a8ba1dd527072cc531f9a4dba1bc57003d865cea4d66cafacf7acc162525687990cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
20KB

MD5
e922f99ffe1e8eb6ff6c80c8c2582339

SHA1
a737e6dbe5bd43874b6b49a8ac947b36f406d47c

SHA256
fdbbab8f74ff0685ddbae8725bb34b645af31f70da755eee412e6c64d78627eb

SHA512
211182d1b99db02f0bb92786d57bc1cc8db182b4d56b5493c26059cdbb651fbf59a4ae0e9c712bf80ab94396e42c0ddd75ac52dc02422668b3525bc7d1625ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
32KB

MD5
eeed3865918f5f4f828ba620f28ad872

SHA1
1a9c62fcb83b3b07e93bb4598e26fec821ca8729

SHA256
bd990ace13afd11503454ac99b3795d6d10d71f22f2805feb6566d2469c59a4c

SHA512
ada4f8269e3984782b3d5ab29cd5655636f431073266367fe9d602e338a208aa359a72ec3145e3131eaf1ffcd4a5154dcb1e7d9a0aec989416fe0293e13298dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
32KB

MD5
c3a6cdab067beb2f78014e56210ae536

SHA1
bd117962b45336e96e576c6243009e602d09ee47

SHA256
e605878123ff1aa07ad7665de4fb689d90ac89e2cf51e91428324d213f540ba0

SHA512
7fe893fedf95ec495216ace819e096448b544c32634c948a634e4e793b7ebc6d7740d7b739343412eb7af42604c9ba37deeadec016bc3caf286166718358ba14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\272bb039d288b616_0

Filesize
54KB

MD5
2a77e62a22d67de9870755bb13df46d5

SHA1
6c9a165cda681961ea324942d3aac84dba1ad1d6

SHA256
82bb48195613d83655d0fc70cd1879cd0d46f7460c364c23704fc377d418c171

SHA512
4a72146e72dfca888461dd70713512bfaa2870248269b221295ea3c7834ab0b865c39321b9a75d19afd144122e705136b13e218c368f0417926e654127b08b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
18307ea2643087825476cca5fea66d47

SHA1
913c7a7e5feb193d26587f9e072f86c1bc1e832d

SHA256
61a98bb14759e85a43a0c5c85ca30dc523394fd3a1bc465068796a7c0c4249b0

SHA512
26437902443b40e9de3d1324af20becb3ca048f9461fc41c025afa4cb40ad85ae0b70526f254779ec771d4a330a50239cb0caebd23df8ed8bfd43933a6afa062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ec5080f3a63bb1357c9a1e40a9c5a537

SHA1
7ce224319e492a36e73c7a7d20b6ad12fda0a3d8

SHA256
4b40ceb7c6187c421961da5e5c3c35445f8f08e439684d5c70ec48eeaa09db1c

SHA512
bd66d1635144fe47c7c199a12067a6822df51b5b65ab76726f1933f0766562ee45241d2e2e1f8c9524a8a5519d3383d30653d76c7c0875bee3cf90a9ec28fabe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d7b3c76a38518de2d62fc8ce153843cf

SHA1
f689aceb4c4af73eea75156b608c1d9848aceffa

SHA256
fc6eb7e8ab7ac261cc30b165138d92184099d29283b2bdfc294c7b6aaef3073e

SHA512
63c52684d41337cdd690d6199c6f6be8ecb7dd5b6abc2783babc27cbc556d70620a9f4a568aa9137fc2ec50553b1dc225691692ccc9b0b901a4ad26505c9bd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4067b55dd5024a5ac32eaca69d731cbd

SHA1
761fa583eec73b9e7ddbf7501bf70d4c1f53b3d3

SHA256
219468fbcebcffa28ce27969775a9cd66c8c9e1d58633a69942f2831b533c36f

SHA512
1713599c3e78f13ad8640c146edd1a3003526084b95dc48fdf5ddc5de88a64ca63bff115c162000b3c3602772bbb20f01e94cb921c243a70262d06bb11b423c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
6a0594165fe270123f7f596b3b6af417

SHA1
9ca28a1b834d9cde5cab75a093043d4c878aace9

SHA256
0873210a118fdddee60673696f244b168b2b7d85232d373294cb832777ecaf62

SHA512
c5224e2a9b25b7955818cb38731e03b7f1d48ace3014d0ca11d9c1902788267b19b938291141c6f155d20145ac6eb91533e637bcca11371cdf6fdc09df17eab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
7350258ed301d67262fae0f50e15f6b7

SHA1
dc16bcd5db43db6442c67126a368175d0c36ca97

SHA256
8d230f599184cf84955142c11d1e81a0ee85950b67090a5115308b7fe69c913c

SHA512
eb67a2cbd1709526db033b40dcfee09291abcc3bbfbbb0681fe375e4e7e1142e759c75c982043b9a4a7e44c2db4e5a115d7d3495293bed2b5bbf5dc7117660d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1cd7a67e37a3de438819efe7df7694c0

SHA1
35f3aa6baf4faa31a2e1f1672b559c63fb62f690

SHA256
a7ef4ef9fdb19ae7d7c00c5f6d755cb5ee31397c544fa8cb0c49da6bdd8cac88

SHA512
ff96cad854c304c8d984b71c844e1ca46d1a0cf74e86fbb115a5a992b91a222875ca3a0b13f0ca4c4706b23eec1e39f24411837d8365724ad42925087462f240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee91ff686528f391ed12b568071f105a

SHA1
911f5e6c20afca31ddd07634c6a4b600ada499b7

SHA256
0c0f3002eed563ac146372bf1f63f4c9f265e8dfbccc855eea62258588ae1862

SHA512
dd1b74d6d78f3bb0c924633041c665e08931ebc3f4e8b2dc64f62a9a21753b70d9b57a3cf5058f6be446ad87bfaa9906b5bf76286efacb1c0e276e6ecd6ea055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87b6360e5218f2583edb50d375a838b7

SHA1
7a3a2a8cb4c6eacd8d269c2827956e07e33491e3

SHA256
4c20587be604b6eeccd87fb37e99f4b4a134bfe663cf015304dcb0aba173daa2

SHA512
07763fb5ea49f833368f6cab96bef91618004c052a48c1706e99e4f56e26a03e9645d9c67f4d1f99463e8b9414f0ac24cb96ecefd496f3f8d51b5ce9e892237a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07a037e5ce555f1aea6e03925f0e8c83

SHA1
0c4446f7e812139e22bedfc802b5645538f82e0d

SHA256
5abf8c6dcd04ce66782d9ee0313a762248a71697f259fcfb40bd72aa2268eaf4

SHA512
23eed519a5f9040976a0776a5570cdda3df417bbd3eaadd253878828776ee1dbad8b7612693d8eac891053ef18ddb1537c220346e50eb08f62b06b6d38334ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6cfb6434-2de8-4073-9ee2-f08dfb30070e\08af28b669e0c966_0

Filesize
2KB

MD5
1f54fed7f28019e587f44032372a2178

SHA1
7a024b64067ca2416dba6cf416703b367171b585

SHA256
9ec121b8bc7a3712a03b66e78932b2bb099809810488bb762b1405d261659fba

SHA512
0266f72bd18128c966782a722ff2218e7b94b8cc01d27a95c75bb4b4d59e5183ee75801ed7ef406c14d738efd86029f73be526e58797ff8346e0edaccc2df628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6cfb6434-2de8-4073-9ee2-f08dfb30070e\index-dir\the-real-index

Filesize
624B

MD5
b0286deed542b54071e314b257b798d2

SHA1
284e324a52bbd1d4a9783b364e4b8d95b6efbd90

SHA256
3be9604e2e45a021e82c3e38c6191e99a8cde5ce7ce5cd24a024b74ff7b37dae

SHA512
65f1bee955402b040ad2b83c275460c3b89a417b1bcd3dade45d526883f97cf4daf0258746f5c38adf09a325bf1ad15e39cea2a8433578c577a1566a773e85b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6cfb6434-2de8-4073-9ee2-f08dfb30070e\index-dir\the-real-index~RFe5853b9.TMP

Filesize
48B

MD5
f99f73978380af03adcdc170fd7b7e6d

SHA1
5246f42ff5d20434bba51cab66c85faf85f14e08

SHA256
51486694f8d9845ee972da757bf53645e39c72e2b280224f672137ba16d58350

SHA512
66293e563ed9aebd07dfe1b2a5caf418fe17bc38ae97b08b980ca6f08b75edc6566f00bb463fb4e8b31777a0b6d04dec647c6cbe2ed95cb5f726b97c4b6651ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a9486b16-480d-47bf-b9b7-5b6a5413b8b3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c65ef70d-1b55-4a59-8e85-10b5281db701\index-dir\the-real-index

Filesize
2KB

MD5
d93793c58b4befe0d1e6510717eda715

SHA1
3aaa8c0f2a29e09be74bb94b0fe8f2ef1c925ae4

SHA256
1b48bfcfc8065b96f2428717e2b654364b6cded25d9be564a2768b65a8e1f007

SHA512
8bbba762fece84d2ab5eb47f7e6a521f081298f66823480348d1b5bb8fb373a2327cb20708a03826111f1e1f5f6fb6e7c1d334cbd5b8433ea4e92832a155115e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c65ef70d-1b55-4a59-8e85-10b5281db701\index-dir\the-real-index

Filesize
2KB

MD5
ffb8a4e9865c928101f8ae33e47d89f8

SHA1
38ce0aa1c1aeb3f0195f71db8eba6a4defce5f93

SHA256
3ffc2d0e6981a443c35a8a2e4291a2b2adbb4567b50e8cac222f6a0f16e81c14

SHA512
3d126cf257f413622b698969db263194189f813dfa6c93bb7d8dd74ef8f2c4170873c0b0c005f57f098b67cdc5c4b6f156dd987b0856adb95066e6be873a366a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c65ef70d-1b55-4a59-8e85-10b5281db701\index-dir\the-real-index

Filesize
2KB

MD5
419ff2454f6aa428ed352e138e323d76

SHA1
0f2f535224830282238dff95f305b8125fc175a2

SHA256
3733ec157f3da615e574a4bfe7fdc0ba079922c0baef5ea2ce9bc804f9049b69

SHA512
da54011db3c86ebb4112784b3d5a5904df9fe0a6a5713f6012b966e83a04b6a24d35a4313dd6fb00ca8d1f17f64507201a70eac229d292079322ae0af577fec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c65ef70d-1b55-4a59-8e85-10b5281db701\index-dir\the-real-index~RFe57f78f.TMP

Filesize
48B

MD5
cd218696bd161e68271f8036235ac71f

SHA1
8ce07480f312f46dbddaf111c2faeb366aefb851

SHA256
83c13f175d417e7aa915e8089085f1117eccf61a0f5e1c0477a075f95f600778

SHA512
ee71277622746d2b53dccac482d51268342fdb963ea5b95805aa873bac9785c4477372255a2ddcdd2ef25b11e3adb3dae2de1328623f81a8c61a72484fcfe1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
57c1f2ad432c30b05b233a8ba5bc77a1

SHA1
4a6635089b86f3bc20a5e79466a0fe4ce40a0f82

SHA256
297efffadb6e2f80f7b060be09765ed107556549bb72f7ae206cff69203e3bbc

SHA512
232c19ba7effbf0bbe4f46726e714db7bc6da61c57e107a8cf325d0685116f92d445dca51ded2137ec96e315d5b174df08329e9dfbc4742e87be9004b7a7a392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5df2907c44efb1c7a5a90cd653a1ca02

SHA1
71c3099319d15636289bce3ef3e80321623b40ce

SHA256
fcfe6f304da0eaf3e6ce3e27654c1754c7b47fe8fcf8bbe06fe53cb734102275

SHA512
c85d342cda79dcac5f9669f5e78af93475779ca36221c4791c8e170eaa16997cdd9baa71eaf3bd7e6052d68b8c5f4aaf7c7efd717ddf843318e9a9e2f0e47a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
7d4737c4ce43dabb5328012dab3a5f1f

SHA1
f975178d6789cef844c632735332deb2b4a9c234

SHA256
899aace430a3a5f488721d2fbfadb5beb3b55a11bb6ff91f9096896cc712658d

SHA512
e38434a4ef693b04380c74baf929e66cc4d19caf14b87c3cba26a01cdbd214232cbd2a8c4c59dac21501f6734cc4370a047d477759e8f4d8f444832e7b0bb840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
4c040481c12c13b594753a480b2a0847

SHA1
978523842033061417e766fa589544e612cddb05

SHA256
176d01aa20fbe05e8b4bdb5ab740380de289d628089be5cc9820369c3f37b191

SHA512
ba37cfa856a3c1901aadde094f1fa102f24ef3badcab0431a95131dbf9c68e896f8583704a6afc2fbea32126dd6edecd2db7117350c89fb1c9e6e1714beae0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
ce549413ba9141e7e55133cdc0d042bf

SHA1
2cbf7321c6cc0f2493a6360b31e99c9bbec09791

SHA256
81f83d668c38d3f18da989d98b778d30b009e3cc6bfc6ccb916c1001bff49da9

SHA512
1c4e1fabb843ef501956fcc9ad8fa1d58929131cd7ba337e19eda8e1780ddd3f6653567fdb933aa83f96cb47ca72a1b55011e55e2733e8e7213e6c1e15c5bf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
cd7d8bf2fd2cbb862c474a3cbeae3c81

SHA1
b3de725fa9139dfeedda1d2b5bba9cd6392249e7

SHA256
f2e391d6f7b89bfd71cf79d6d654d8435dc693db1418e1cb9cd721b40bbcdc13

SHA512
d799cadb9bc06d28d85dfd09edefefb91c3019e545dd550007a6335836e65ac11ceceb2f1ba1be18c64f29b019032438eec6a7b5877f07cc5f8e973411ac73ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
aea4e830097b55c8817611bf7de61354

SHA1
a43ac04e82a87492c91bd8492110568818252b99

SHA256
30c91a28dd730f6a9d6f588528acd748741c046363a8cd254fa8122fbe98562d

SHA512
93d99fcea6cf23a2c28236d26b910b4dbcf788d6eaff9b8376827e0b77cc7b4d51cc2cbd9b498ec8d9ceb374157679cf610ae22b8ef044aebda19ec223ea9645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e2fbcee0336e0063ca06f53a1bb8a29e

SHA1
0552eb95857253d0d69ade078b68450bb88a007e

SHA256
5d59e930d7b152b2090704688fa19fe7f4dc8996bee8142c1d2494b4d9563078

SHA512
155f9083318d7f922418ad7df72b7119db7efa634b9f3e793e2ebc4d501648908fd9d811ef4bc22bbc4f0304cc8d0c1149a1a8cf967aeb40ee41a3117c57c15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
07154003184763e0ca2ceb1e8ca49b3c

SHA1
bc7db74d8eff3517340a2d3bea3f64b8db0476e7

SHA256
25f72f3f7014aa94af7d885a16d7109d29149aa66ddae6fa9123dd9257ffc530

SHA512
8fb3ff2db6b5796d357eb63e76889560e92500c63a1d2c76883a433a0860a6bec3b8ea741f8ca324a08ef996f06ca81a5d3f28fb0253b79632c6ba5d4c33cccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
95e79faf77975164da8104adef3aebd0

SHA1
3e786f22b80c7bf8a90b3fa073d6aaeb055eeb48

SHA256
a2cedf16a09d41b7cd5a7cd0af9c09c231dcbad3c1a32cfa3fcf1d7a7378d70a

SHA512
bea9d62136c73b751f03cf5c56619edeb69526cc3b2e900922f6bc5d5f479d15bc04491c57f9cb8ce40ca0e51f5352e9be0332af595a2da4d4e0bb8080db69e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584b5c.TMP

Filesize
48B

MD5
0b61eb6f48ed52a199a551176803d83d

SHA1
d1b26d95e8375a89337ea9d6ee783a2f4be4b445

SHA256
9defbbabe64608fdf2a079c33d3c2c0cce17c25f17ecd90472ddb1fe68467c64

SHA512
54af3a3a2e9b6e53f0ee5d17c9008347b2fd82a7a3d0b3ffe7ba3d451a361f3b4f41a6dad7983f8d3e9bb2c3c2bd5869c60fb742ca2527976a22b3096e3db50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e81eb020bded67348e7c6b0d19be34e9

SHA1
5347b812e5908d4045745bc8a07d130bff542a15

SHA256
115cd798e342537ef441d40427ec2d17a4abf9e8417e819abbaf1575c93e94a9

SHA512
d975cb5e0244e3448293ebaea5bb0df517ef3fab08726aea537b3588fab71d20f7e6426ed82bcbababe01f7236d677897df66bc958e02c17d3d0efac134e6f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e794a9f67763097c49bbf43ded98ca25

SHA1
34672c4297bd5ceab22616c91d8ed7ade489cda3

SHA256
bfb72d98f34df5a8d9f4e3d09573b3f96f15da52b6197b63b1b8c0ca7fd43c10

SHA512
c7030f89917d5502da0f1c167269bd3b6cdaa7c331588bf6951b6d464e6f36e194f557e80846c28483731e6a5cc12e2d5c71e7a57771058ab4efd586f4d8d062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a8fb27d64d9541d50116151ee2baeb92

SHA1
7e3d24dc048dd08edf6df6287b3d554995b4cfbc

SHA256
c205157927020404c82c061a43a9d20b8be8616c63895c964123597062d3bbb3

SHA512
ebe6012e1a19100e0e5d4bb06a66e10c20c86dc612d221a77926131f3d8dc55049c4470bf17fb4412862e3943a4a363785ce2188ae47917bb974a6d0fcd84198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d97.TMP

Filesize
873B

MD5
e8ebb7d784e8d514fc57e0b0617dcd94

SHA1
4831b6885f888c24bb020278df32b7657a258d40

SHA256
be5cfed0d83e3925a5ed9557ada2847e33e12f4f79120cc835688797f1d4d734

SHA512
af7b7bc1f9e5ea2d7b83eca323231a477e2d98bf2444933c20d708295a951cd0d9260e9e08a3725b3caa392f32498f8bf259e2aead2c1e8702a245068aacbe61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit