hxxps://waveexecutor[.]io/

Analysis

max time kernel
367s
max time network
379s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/09/2024, 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://waveexecutor.io/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
5020	msedge.exe
5020	msedge.exe
2016	msedge.exe
2016	msedge.exe
2872	identity_helper.exe
2872	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4716	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 2948	5020	msedge.exe	78
PID 5020 wrote to memory of 2948	5020	msedge.exe	78
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1988	5020	msedge.exe	79
PID 5020 wrote to memory of 1580	5020	msedge.exe	80
PID 5020 wrote to memory of 1580	5020	msedge.exe	80
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81
PID 5020 wrote to memory of 1800	5020	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.io/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff925173cb8,0x7ff925173cc8,0x7ff925173cd8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4076 /prefetch:2
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17753298268826194536,3724443040746715438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0487ced0fdfd8d7a8e717211fcd7d709

SHA1
598605311b8ef24b0a2ba2ccfedeecabe7fec901

SHA256
76693c580fd4aadce2419a1b80795bb4ff78d70c1fd4330e777e04159023f571

SHA512
16e1c6e9373b6d5155310f64bb71979601852f18ee3081385c17ffb943ab078ce27cd665fb8d6f3bcc6b98c8325b33403571449fad044e22aa50a3bf52366993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5578283903c07cc737a43625e2cbb093

SHA1
f438ad2bef7125e928fcde43082a20457f5df159

SHA256
7268c7d8375d50096fd5f773a0685ac724c6c2aece7dc273c7eb96b28e2935b2

SHA512
3b29531c0bcc70bfc0b1af147fe64ce0a7c4d3cbadd2dbc58d8937a8291daae320206deb0eb2046c3ffad27e01af5aceca4708539389da102bff4680afaa1601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
21KB

MD5
0d2b9578b9a115be4fb928c62c4beedc

SHA1
93013b18649a0ea0973e571af7ba99131ca32f34

SHA256
de369635b20283c14ae8b6d0d3f9eb0b7d9d7c0471144cc78e366d3c8f5e12ab

SHA512
1699cb781f0d00236d3bcf2c30f37d2a3a604e34316105985d5ac48ddc02b61064ee3b22363addea2144f562adccef7e77bce09d8431bf9e75498bcb7636e3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
6c5eafccab3cf4e6b92dfbff01d675ab

SHA1
b459c7291910290b6c4a3f474781ea39ec8c3748

SHA256
bb862a8d484879925abff843e123e31149cb908092b0989fd9a27096c251514a

SHA512
2f626cca419b583e1dc84d30b9013e395937db596a299385a0f78700eee35ee39743ea8cc9d1d7176f32f0ddcb3c96b585d5fa0909571f9a883353b39ea55563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
d55732ab91dfe9e8707195329d503d26

SHA1
97bdab0af8b8e655531c05759795be04aae9e345

SHA256
a3f43c854416087ae342c48871a2c91d064b270493015435fedc920c509b849e

SHA512
1bbd9a3930920a2b9826810873c23804527c0ec7ef7182017830769228b69458fd018dc90eabd7ef2cfc03c193e27399c47d98fbc3ef821c4d8a11f591b11770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
57d7c961692b0eb210eb9c60138ea213

SHA1
f0e8d253da94538cb8925af3e3f686523da025e0

SHA256
f0f56c563e0360142a9e1817f7767d847db1ca71d4af6f5724e409fa28f9d8f6

SHA512
d6aa0dea23b31b1fa5171a991ba44456542217ddaa6830ffcdacaf23840c63f4ff288a53ec47c9d20561d36aa912afa360c724f8e46c0e660cdebb0dfbe51301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a7ee37ebfc9144d4cb8fd5d0b6f72f97

SHA1
6946b7a3976716aa9245e3fd431a930077c417a1

SHA256
32187783337ecc4e8796353bbf0955d8e09e0383bf36883d3ff9c7ee05c7094e

SHA512
44ddcaf5c476dd30004030bac89201f2371110e3ce77a70d24ba9c88eec9b3ec80e7763f4d474ca56420a7d795538846d17cb441ae3dd217df03f19c7c635ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9a0da4e6027bbb9db9a77eb18d6269b5

SHA1
b309be5dd7c46dd7f6a308d75238ba9de5d8a2c1

SHA256
89b595c17a84f2bad55b2902b94725d8a1e076dcad5ad866134054643221d9b6

SHA512
b88363b4efa5342b9786e4b72bd31d589bb20de01573ebc1538574535b7bbf421ca31339f6a5a8ca47906bc651465f4a07b5f68f58b3ed799aaccbf41cee2b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c1c9f94cc6aeadd2295ae97116a1225e

SHA1
1e7d45ac37bbded5c9a658e612760910a24494f7

SHA256
84c79456036e5b5bf7d26e77ef3df241aa72ee22273d0e99c3d2adcb0db2999f

SHA512
c0309804ae02aa21a418d220e8123b27111c02940ce55dddd13d2a08b749f91b6f6b7411af6be0368c90a2f94f1f8e7a294a46026f0b3f8405d103e766e23ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
87730d118cbb42b4f8c53e87381de833

SHA1
2488343050a9111c8fc648d0bbdbe57b12a5f95c

SHA256
f93aad3980a8545f316010c89f691a81c4dcdcf8a1f0475c8eb14a9163951582

SHA512
d444ccfc46a84cc77216a22602c60cbb481da05ddc1ad9936dd2bb3691f3dffbaf74ff3ed95c08ef5206812e1e030eda0271d435144153e03ca8f1d83cacb31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae8a3032d89249a55e778f677df0a5ca

SHA1
c5a540bdda29058f081066505bc526aab4217794

SHA256
a62ff551663daf51c70dce528415c782199b07e2ccd5e2085087a15b5e27463c

SHA512
d7181e6e5b611e69e28c542a19d563cc24f43a3fbbdbd1a3a271b76ff5c3e0dd3747cd417846f7a0821feffb7f24f342818819a94d304a66ff1066652227f110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8788a7c7d15be763e87694779df3a9c3

SHA1
887e85988326f1ac142c2606d7523e21cbe8aab8

SHA256
0d519daed2ec1112e961fe6107818829c14bad4f5ba2e723a961798d920dc638

SHA512
043e17d7b375a4be1bb18d35da031f9056e91e84989356cb04a48e2ee93db48b60a518a56f59f9fa58f3f6c552908d7ee1ac73c8abd733a8c133ef5cb8931443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
389096277bd706c7832140d2973e5b4d

SHA1
c1adc2b8a1176ae5d7401925e30694049fc36043

SHA256
44a3a5ccba67bbabd4ce35a7b859c715bcaf4d44fc13180f014a3abfaf448475

SHA512
ceccf8312d432efb4d3280d88d73e4e79ece781e4cf7cd6b6cb4c5457f6ddf56f841e1e114c3fa1418d2551b39315e195ff6ac7f6d1a747676c0f15bfb5e9420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0089732720875884f2d8fe6988828d8c

SHA1
ffa813e5310f5bc6c19e3326bdf0fc1022bfefaf

SHA256
aa454d6c521a6f1e57f58590ba78d40e19642e63d5ad7d3486525c09d0ff0c2e

SHA512
c4aba643ea7a8139e04c656c7aec8f5c08bf20b795160faa443ed3ea47e869edaab393a5665dd0b156afa7abaea87bb92997983a4f02275735ce880ca7c9e148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
cf83e909d42d7460e96c32001a4b6cf4

SHA1
5d100fbc6ceca2184409e73a8459e23d0b1e5fac

SHA256
bfa70ebe2d0cd8b8dcb5472a241b7e6f60c31d5e9f9f6ab97402f5e96e6adac2

SHA512
0c392e52ec5d3740161bd54146407e236dea7a8c4ba32bdf39b746a6334db994eb1b6b1eaf83de4ea62a9e44efcc789eed55fcc941af67a986daa4e3ec2f2f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7188.TMP

Filesize
538B

MD5
39d451c8839f3cc2039014eca78bad7d

SHA1
35043558f73d04d85211b6c932c6fd2862a797b4

SHA256
4f05de0e8a508f33a8dea1381223d5be1598459038df4fc565d9566ab0bf427b

SHA512
c7bb2ca2c227044db9996e29dc61e357ee349d794f95cecc2e47d78689ef1e2aaeb21f170d5bf1808dc6d83096797c9bd58f29bbb807e8a6011502900823c441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
337b7dc3cf4f4753da2ff04f1fc5ed1c

SHA1
7ddc4bcb26d2686f10ce22b876a827c66fd1e2dc

SHA256
7c4e9cc1c3b782ae5eabd13f0c51346849d66a6cd137599e5ec983b9c29012c8

SHA512
0a05a0eae1f5bfe5afded767e9f7140dc8a9aacb6d555c80c23729247e63e886376ad73f854f1ea726912d53655a9e9fd85c5926fabcc1d08faf2191315e7e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8aec00e9eda779bb263a4cc7d0a69a61

SHA1
7986232bd424778c93aee587249ba6fa9104bf15

SHA256
3d70c39a637c22b1c40524128fd4cd37edd895a09c00184d482402f2d5e4f6ca

SHA512
e3164f5bb8ce6a289bc47b0429b45ebfb761bde3bb65592ca4ca680f4fca08aa67d6a8793e8234be8806b68ffae41422f2b5ee66845aa8315ff08cdd527c381d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e4b8d78668f72a91e19a4db344fa15f

SHA1
ba5e7b13f86854da6bff39e84cd08264a505e390

SHA256
531a96a529933ff50b8455e467317f0112396e0479ef0297cd7371b09e3b59a0

SHA512
e15040f45f501eb282323f7a33302aa3273067a994d1a5f52d703aea694143e27fd1eaae6e90d153d8bd355f4f004d3394bb4a711519b712276475ba2ee384d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b2cd172dfbe7d79c996b63424a1e3345

SHA1
7aeb9004c0bcf271e2a80943468ef2f671eb3f0a

SHA256
1a79dbf1e7af8393519e17724a59ba75f51596bc8114693004c008cb4110f989

SHA512
7830b44fe28b4e6bad29d95d68ed4117ede7c7f2f73973db035b5d9764a36e96e79cd5d96222397bd8695e3e092b2895f951b53e05fb8c81e48b09d848f69598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
466725f1fdf85a14cd253efd62bb2e9b

SHA1
3407788de9505951c47b6987c5b0f2b7f07fa8c4

SHA256
cff47f2875925af6d0b2b5437ac7b9bf6b9861d5f2e2c43b7026c6feddfae5f3

SHA512
7e63524582a69ed9b71a617e475e54f0e7279dea9202967aa223bde0f04bc442d120c7099fc71b0a38179499c951ba2423f94e715dcd2353e0ea1f244232fe7d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
06f54da138064bcb87a50ea5796be0bc

SHA1
149614dcc0cc8a15d12e042639d53d364b692f5a

SHA256
fd00cc98658581a6d166ce94e14f68079c4a2948db69e5ac60755ac8c50c1f50

SHA512
530073a003f19a93945cc2d663cd395744c98b3d8377ed6fbc237be0b42b7ec23544fe149435e3d5d47b8d385c2a9bd1e2605222bbe2df0d3233edf10550202d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
2464a58269a134f2979060e336390b5c

SHA1
31d3185eb35ec0ccc4ad52f5cf0e278183315dbd

SHA256
554d683b35a8120871871ef5733e307f50400a424889bc1caf8b4375fd3bfc00

SHA512
9d93b63d2e7d55fe88bf6023db7f2c4581ebd9b03e2a17abe39b381eee19ca71e5f2bf85f19b022afe06936d2089ef1c5eeee0607ac3f8d1e1657560afb8666d

Download Submit