hxxps://waveexecutor[.]io/

Analysis

max time kernel
196s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://waveexecutor.io/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
740	msedge.exe
740	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe
2928	msedge.exe
2928	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 4200	740	msedge.exe	77
PID 740 wrote to memory of 4200	740	msedge.exe	77
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 2852	740	msedge.exe	78
PID 740 wrote to memory of 3316	740	msedge.exe	79
PID 740 wrote to memory of 3316	740	msedge.exe	79
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80
PID 740 wrote to memory of 1016	740	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://waveexecutor.io/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7c973cb8,0x7ffa7c973cc8,0x7ffa7c973cd8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1672 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6756 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,13299096926847776702,15607878121734473289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\241486cf-d420-45cd-8f12-35cd4d2269fe.tmp

Filesize
5KB

MD5
4dd72489c1b1de39da7a1bba1562282f

SHA1
80741ae2d2e1407f3e82a29aff3003520f376b4f

SHA256
704c097a28529201f1b918d46bfd7cc5960488095aa5e0b6f2114c44272a9027

SHA512
f04aa2c5718ab08f1e4a2437171aa87245c7eaefa4a04d110f2fb494a2530966ec43e135bbc1d6ff2027dab3050453e0d59fc32c539eef7ee13d036b51cb043a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
49KB

MD5
b663180cf99d3cf107ff6f080e95ede4

SHA1
66097c0ed23be3fabcfbf85c8f87dffaeef021b2

SHA256
07e3644db3800979d080a5f39a440052e9dfe64a18cd22e7d116115f35476835

SHA512
826faf8462984c36d3c85063966b9c5e4c9e075419d2ffec184fd4e52de04d22a8dc8ab504161150286acfc2f9433bb79d10429602d6d4ceea9cd72781982398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
32KB

MD5
1840738f6a30ab64c331631af651afab

SHA1
341d63ce4669667560af1947b8eebd5e60893d14

SHA256
e9b37821847b656098f339094063c942fd9ae873ce5c16172d805ad86d1563d9

SHA512
3f54e4ee6aa95a2c359ff370d84f8f56e67154f2e32103de43721794dd32a1e1002c5922fb20b523b50915fe102318f37a5448c8c0f8e2ff8f8d4d1f218ef9ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
51KB

MD5
486a1538be6ac76340366ee8145bb1ed

SHA1
ced10fd32cfc7bceaa9157f9c32349ff3e0a6692

SHA256
d60e4f09febf09ffee2852bd79950d197f835c7a892fbeba8d7ffc54cb2b4aec

SHA512
2379928b0d586576cf714a37c1c3f3cbda63de72834a1c69537b2a6535ef6ca7b52ef7e4e0e39ad1653fcbc6314ec6e00276bc3ec04c4a7e116ddd45a45aec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
103KB

MD5
d78e5efe0b6762968aa65b820872234b

SHA1
74b95e1a5b1d3252ece79c2e3d55378ffe5eb5a2

SHA256
9e7a9bf380a9d7deee2f87e580b04b34a99709f17216fe80d2f75a6637aa16b7

SHA512
f8d7e1158f5218e9003fdf49ea56488aea13cfc2dabce8b6e4fbb75fc5748acfdf5b827af08dd8b462586473494c4482c384afe4d764ef87d382f002f7d0b88b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
149KB

MD5
2f3071256fdf2daceb149ef5fefa4f01

SHA1
19772b631273ef6b694c96223a8fb38ff17cac9a

SHA256
f4db6c49d0d6138add1f2a261500a39bad178272b4a7c96eb25c50e6d47bbcde

SHA512
400beee6469fa6c0d2b998502b55d31a0a7d13aae1fe44ffff92511f74c2598619dd676adc9249d28275cbfd67638b18fa15324a5bc9edf0fa960985a95bf875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
136KB

MD5
279d8d91e4537155c6c6c837dba4c1c5

SHA1
9403568ce2ea163e9a9ba7403025589141fad3a7

SHA256
13e1dc29bd93c730b2c7ee3d8d59a66d6d8e11795672045759449b9efd84d3fb

SHA512
91d836452774e8a62b9c7a2a73fe6aa596d1b7fec252ba961b53bd9bd09f20cbe9fc48b4872ad472457251e86556332982e514f59dea7c55b68f0560bebca82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
52KB

MD5
523a377ba89a29895c48d7e2c51cf9c2

SHA1
cba654438f793d19a4f02ef31c2f741894b4d6de

SHA256
4f2d7e55de589849763695ff7a3b132b8468544cee20db53b549282c8b30d62d

SHA512
3d3088f5712b18fa2539b7e8ec9b063a0f196aea1effb0df51dc18c0986e2dd8412db3018efc59cf1b4f9c2bb613d6b26dea8d1b94039ca5b7a418de9fab7c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
f730bff0cf8edaeb2843488eb25f2871

SHA1
f911d18a07b3dac9b6cbb8562e4589fb034bc31c

SHA256
e21091eeb35a537a27bdef9bfa0952083e2cc4bf8fd622b8bb5d4757f0eac12f

SHA512
6f5b0a66135b227f36cbbf4f0a2c5af95887a92ad4b59937cd1168d35fefa8860b2a08364f60f788b52c19b49bef3282edc70ec63d7b5b29a8d6909d3aea0e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
21KB

MD5
aa521e4e4c27306805ee2da1706959bb

SHA1
f2d27a4dc1eee1b9abbc241f7c20678c03c9e775

SHA256
ffec638750b623b96d54bad5e22d02efacf39d617e92747f603ff21b57da9b04

SHA512
b964d5fe188619ce4b3aa1493588d501bcb464ff574d4ca3b3d8ad34709bb279b689d386ca2b3658d1caa04d022b82b86af01dec6d811bba8e0ce34fec6ea3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
63KB

MD5
a5cc79fbd666432c461daec09604f082

SHA1
9a3df93d85aca657c5c8b60f9b4063128319647e

SHA256
9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279

SHA512
f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
4bb71581a47e597283a0da0f6bef0eaf

SHA1
536ece5dad210a9ad160eb1243f836ab18482410

SHA256
045771bfcf6c64cb008723fac614aee762de1c3b0f8f2e9895a37c788cd33966

SHA512
e481ebc6878a88a0cadc0123e5fc56ebfd549cfd76df69ef6d976c9015605b7d75092321f7f49d8c61cf611f3f9a39c96bfee995b7f9be3461f44e5379b79d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47a1c6cc964dbeb8_0

Filesize
68KB

MD5
410a2798a1fc24f49c11ae7bf8166712

SHA1
0b4644151ded523822d0d27b108ab0f3de147887

SHA256
634fc9a37fdc514cd8fbeb6205aa34dd0ed5f01bee1944fee2ea4926346a44af

SHA512
bb9e69353110c1e13d0f66880babe37dd7812e00a4e5f8afc49d7f67a0f8310cf80eae9e858a3e09e7214f608d32d798dd57a36fe30c108d4c6b57cb460cce48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69d50c199b7bd700_0

Filesize
328B

MD5
12e894fcf1e383668ad2ec8243422103

SHA1
75f6fa0021f9c5c31a3c84b13e34fe5a58ff0cb0

SHA256
7d7ffa5a7ebbda5b6114921675b5dc83b65c71688e24f154d5878449f1069640

SHA512
418d8285a15678dd7ceeca7e0faac9cbc1fbca96ad76bbc42ee65558c62c8d211cec689b32eea6d7bbd6bc2b0b66741d2dace55e458cc7e99d348d2144edd3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ea6596be6411273_0

Filesize
32KB

MD5
f4401cdbcd0aa7272283a17c3d1e40a6

SHA1
da5c269d8daa5212f7072ccdf7c3975356396932

SHA256
3e45efea20747b16285917f697c7a25d991088d251915a4777aeb7acd6e573dd

SHA512
914f525de14e118e64134990c6989d1a83a4fc308f1ccfada53f38dc2cef7a901337f036070ee4f0d418f23343f0534b196ce26180065b22f5634a9dcc6c457a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c9b301bc3add123a_0

Filesize
3KB

MD5
a09c8ad30cdc97359c5eb8e7e98ac33d

SHA1
2add4527a05abaa637c05dc529e57bb8bf621e52

SHA256
9faab6dcc266541da5920134ee8a0a25b0f57ba22452aab862911f2354012374

SHA512
a1bdffbe77d5dd88719ca2ab0d6c7c6d3a634ef00c3e565a90d37b5f9cd0138699ef7fef022dc34a1c90f2ba0779a035df5d39202a0f5787c596acf913f39a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6df98dd2789d77b_0

Filesize
3KB

MD5
f89d1bfb7bc80d33ea5953b5baf22547

SHA1
ac526930db5c9026944d81350dde9fff1fa0f9d9

SHA256
98ea14b260f64bfc3db8fd7fc5ef793de2b27f09439125f4d97bb5c0d7cf200a

SHA512
837e41df54bb9a1b7a34d8afcfab698289ae5bd3627feba830e657074fe6ad9a2282f6314a668a9c521337d21c10b1d053712235ee792a434d481f87c230ba1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e39f68619595628c9ce199d2fab23c3

SHA1
2cd112df46318b7ddb21344ce5c2149a950cfbed

SHA256
07c26132a39d4848093b0d45455ac415d90656cc3bbfe27b6287a6952b7de810

SHA512
b415820c5a817c19bc312c9311b92fd99992f8729e41f71efd3e572f49ddf7a0221377e21067446030abc91eb203c3cbe82d81dccb69187f397a4f10257c662a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ee340deee91ee70e7e41f3460b7c141a

SHA1
8e9348156427ac1570a59958db692e0a2ca3bdec

SHA256
b5233859d85ae4a0ca4c0a6cad49e08a8355ffce75622a785c1ac7068302627e

SHA512
266c533023c6219a76d95eaaed1974636b596081aff0c4b6e76d24ec10f3086bb6e7bd3f25d24e9f2b87910bc529feeb8464dfa1ec9dfdca0dad7dc0fba26053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4757fe30069d49fb54b7aeb34988fd63

SHA1
fb6c5e0153175f8ddf15101e8444b4be429deb61

SHA256
7ce292ad0683a52821beef6ae33daa842954f5b493932ba633e3d78c6cada94f

SHA512
29ef394f1aec09d47596556d2d9b14031e1400be8de0466c01e02bab510e069dde0d430bc95d3eb348b48416a0f29491d751708ad507ac75132e633dad600296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
c9c7bbd00d69081c6268b4d95814cc31

SHA1
8b45c1324d7fd7562aed64ae5cef6c50c5311c73

SHA256
317b7636c6bcce5f86f369e5ce9937ae704be1fb16931b6258f4c336297bebb5

SHA512
958d796b466328b0131424a712b97232ad4827dfb32d12a54847acc27fa99b2a5928ca9af33baa94f5ba5ce43177403d9717628b7a4bfe4c61042b8ef488cbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
d59bd52b2fd0dd8d0dc2f070ca6dfe95

SHA1
3bb30eafbc74885a71edaba77745bc4fb090f547

SHA256
7f5763690926f471a26fb64e3eabc341b683cec379b1e7d8283c53602706c416

SHA512
5e00f007c3acb2d60482c1229e36e048020ef76ff21920a3c36fe516da04082aa46b342030d66973d79dde4b37d66c28f455f1289954f4a826c68bd7e580b961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b261facfa4ed96dbb3fae924d5070a61

SHA1
b7f566dae70620c85d31b2c9bf1ebd488fede9b5

SHA256
86f077dd7f6c0a995f6258d1fdeab397445cc6094b6fda02ba85ce1ca8876da9

SHA512
aca1c71d21688a343777b996b56cd9d2f58b21499f55ecfd59c6df715cf2f6337aa577d159438d4661a05aa599029d8b23529857f11e89c7232c100cec9deb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3334b98b149dec4183a9df8a022f31f2

SHA1
dffc0c23d9846917b037d4f3653dfb3e22bbdca8

SHA256
04c9bab85f8fe9862a076aa58e9cc99d36863bfb480309af7bf5e27c4f68cbf0

SHA512
b8ee998e6235bc09cb1d4ac6d4d9c04e0c181d2066f0dd38fd1309b88e1613bdc2ff7a5c0b3f4dc5fc6997a4a5afc4fa17bf6a112adae4d28c0aa84c252687a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e2a9040e895f36d87a21ea9313ba3fa

SHA1
4e1fdf5906b41091deaf0a5be7970ace712b5cbd

SHA256
0ecf3e726834ecbaea977c612c926acd247be0b65113c1ff1534afba8bc8e14d

SHA512
3bb35fa931f12f5ef6c0b269f9233912c6e91f31ed8204ca007d93f7c143c8b15d275cf66a2e8a1f4b4923c5f35a3c4da5300b28aafc4278fa90bb49266b8840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2bcf2bee536ae8ce717b0deda6210075

SHA1
7809415794dc75d49bdd2fa2ef3331279fae368d

SHA256
c083cc3b61c10c141b81230799aadcf979f244f54c23b1e57ec9d04b3f438ddb

SHA512
d691ae2e19a7e1dc0dfaa0f8410cbe4590b11be4c84af1db8aa705cbcfc16172d43a1fef6d7db2a0a375bd14bf86980030e33f09a25b41d7eb9433c5c34079a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f864ef39e0687db0271e03d0677ae28

SHA1
bc067ad5dd5153bca1eb9f16543f8bb446baf2b2

SHA256
bfb7925e55326752ff4cc0f27d501361453abc9964210c03d9b0474deac9418c

SHA512
db7122fe82762021abe1119ebaf4c47c4351a86ef8c95b63b6a58b99c4bda2d68f874d4e023df605cfa0389343d9da44e27b4e7bc90f3c042eceadc02e2c001d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
4e7b03f524374c55091fb11aeeff00c4

SHA1
a363622784f9616bc2cbff16388850e781b32d2e

SHA256
682eb0456f28cb2e9688127aac61675721df136ce95d9c2b62b7cb9b18e65f74

SHA512
0cc5cd431ff1eaaa74b7bdd4ca438d3f4600b0c01e4e87efefd27d57a54174ac96d696fcae6469e0a516d0a717c3b80c2386f0564b8cbd9b22ee28644b969196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
aff29e6d13d8b64d54e7079a26fef6f3

SHA1
3b1fa4938a912ec4969d42401f863adc073daf05

SHA256
25e61e308e4d80357e2123bb98384de0fd7a4237864e75f262213e9cebc0120e

SHA512
44f2aac325b14cf3d485ad98a4ea1cc20dfc1eb7c32ea48ace61ac209031a841ef9b04fc1813c48f80ac5427c6115f0aebd777191ff9ec3b9c9329d860a4483c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
833a27189f1a801c0a8a3d562ac0e9e5

SHA1
917a73664acf086acb51f2720ba178167defe99a

SHA256
b4322ec463ec58470041302451d00fa98dfb701f1dfed8b9ddf3c2ff6e1ac00b

SHA512
ad562d25c6ed7c0f655e74dbdb2af55f5c2b955e03d7c51b3af361dbc6eed2b842d10ffc3269815372e0e5780b2bd766f0d1548123aabbd02ca16057634ce487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596603.TMP

Filesize
538B

MD5
ef49961bda3e14c9d5b2cbd43b286bc1

SHA1
34049fa4aaa4248699784b404884145f2c823b64

SHA256
8f99c902e537fdcc15349a65f9c58a4feeb74cfed42e4f10d7df5390334eb90c

SHA512
d80d7ac2be9360113f45384be4aeb30f8a201e792194ceefed042b1f862d56a6b35ea178bff00b56d7d5c642a25f72faff721dcfe71c17d45ea7dec2a9f5c555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
14212adc6110239971067d41246a3a94

SHA1
65f843622f0069cf92eaa1861105bff77a44bd5e

SHA256
1b834673c70107c11d88faa4fc12f392101aaa283adeb9ec9afd4e3e15a39d6f

SHA512
e11e98e9aae3796f2ff7929a38df8e0745fcfe0100353263b272c12431a93d36502c159c6914cbee60cca9201a482708fcc87b8f53f28b48f37e860c1f166a83

Download Submit