9fffea08116948a80151baf5271b5ba94d54e11d4c9aa7315591626d11ac0242

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Beatware.Internal.v1.7.exe
Size

8.3MB
MD5

1fbd8db9291a9ee4622ee2accc493ba0
SHA1

66cdda6c2789202f6c5f92a4e9bb970f3e095a9d
SHA256

9fffea08116948a80151baf5271b5ba94d54e11d4c9aa7315591626d11ac0242
SHA512

744f62ebc60cbe7c9f23c64e5e98c5309b673a8ff2b6c743bc4c27655efcdb43ea68474d6f39160adf74baf65c5036f8ea17b73038fb6ddd04698b5b1cdcccc5
SSDEEP

98304:mn2ihaZdUjS6fzR1vQ6cbrgsihQ4xbNs8kwzXRuLHJD1UQ17VOhKMVtOwwMltcc:O2i0IV7RtQhihDbNs8VRORSQsKM3Hwf

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/1416-2-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp	vmprotect
behavioral2/memory/1416-6-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp	vmprotect
behavioral2/memory/1416-178-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp	vmprotect

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

40 discord.com
41 discord.com

flow	ioc
40	discord.com
41	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

Beatware.Internal.v1.7.exe

pid	process
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe
1416	Beatware.Internal.v1.7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

3332 timeout.exe

pid	process
3332	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{53BCE86E-B1DE-41B2-A57F-216C6CB40F04}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

Beatware.Internal.v1.7.exemsedge.exemsedge.exemsedge.exe

pid process

1416 Beatware.Internal.v1.7.exe
1416 Beatware.Internal.v1.7.exe
1420 msedge.exe
1420 msedge.exe
1832 msedge.exe
1832 msedge.exe
1204 msedge.exe
1204 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

1832 msedge.exe
1832 msedge.exe
1832 msedge.exe
1832 msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe
1832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Beatware.Internal.v1.7.execmd.exemsedge.exe

description	pid	process	target process
PID 1416 wrote to memory of 2408	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 2408	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 1616	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 1616	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1616 wrote to memory of 2844	1616	cmd.exe	certutil.exe
PID 1616 wrote to memory of 2844	1616	cmd.exe	certutil.exe
PID 1616 wrote to memory of 4080	1616	cmd.exe	find.exe
PID 1616 wrote to memory of 4080	1616	cmd.exe	find.exe
PID 1616 wrote to memory of 4828	1616	cmd.exe	find.exe
PID 1616 wrote to memory of 4828	1616	cmd.exe	find.exe
PID 1416 wrote to memory of 676	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 676	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 1832	1416	Beatware.Internal.v1.7.exe	msedge.exe
PID 1416 wrote to memory of 1832	1416	Beatware.Internal.v1.7.exe	msedge.exe
PID 1416 wrote to memory of 1196	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1416 wrote to memory of 1196	1416	Beatware.Internal.v1.7.exe	cmd.exe
PID 1832 wrote to memory of 2804	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 2804	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1820	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1420	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 1420	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 3572	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 3572	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 3572	1832	msedge.exe	msedge.exe
PID 1832 wrote to memory of 3572	1832	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe
"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:2408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
2⤵
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\system32\certutil.exe
certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5
3⤵
PID:2844

C:\Windows\system32\find.exe
find /i /v "md5"
3⤵
PID:4080

C:\Windows\system32\find.exe
find /i /v "certutil"
3⤵
PID:4828

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beatware.xyz/discord
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffb1acc46f8,0x7ffb1acc4708,0x7ffb1acc4718
3⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
3⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
3⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
3⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
3⤵
PID:804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
3⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
3⤵
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 /prefetch:8
3⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4888 /prefetch:8
3⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:1196

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
2⤵
PID:2216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd /C color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5
2⤵
PID:3800

C:\Windows\system32\cmd.exe
cmd /C color b
3⤵
PID:1988

C:\Windows\system32\timeout.exe
timeout /t 5
3⤵
- Delays execution with timeout.exe
PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1496

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
c8b02ea7a6da92c44edb81a7b79a5883

SHA1
c99250e286407580dd370fbec1a635a7de8a6cbb

SHA256
bf637568c45c8ffa989626c0047c3e2486912e93f04be40ae8796d0cad6c1307

SHA512
fad98f96a050e2febee46eaeab55f591efdd7e518de951719d06ddd4b2697b5859b0bab59dcecb83d0ff7668ac21db61ddf0876c15decc92b1a78fe10908b174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
447B

MD5
c25e4327be5885c43a4c1b84899f3b0b

SHA1
b9d5f8356ef5ca9fc4b67e209209378805d1cdc2

SHA256
028e241ffe5046e0c2bdb7f7ba8670fafc458baae4508bceed3b1b2b1fb225d5

SHA512
5898c626fba49474cfe50934e60fde4aadaf045a7cb97b692f66576e2e64477ac035ab473b402c78aaa9e9f979dd3b15d5bcdc63537aeed45d08066396a2dc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
04c676e750013923a534fff2c3ede6a0

SHA1
ae3a235f21a8785ad249ed17bbc8468be56d6a61

SHA256
7f4374451f39d204c377c4ac4ee90cd509dcf0844bc30e40e811ceabd9b28b91

SHA512
b987edf4bbdd7ebf729af5837aaebeaa1e14d3e42a953193eb8ad4f3131036ddcd9637a9a34e34d3f537481cf713374421e3e75bda74b6084ea236649442e289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9db0af0f257614467d3bdb75b64b522c

SHA1
54cf306cc765f1ac3c686e0733713739b87a467e

SHA256
6fdeccd1b987b422188fd274d0542c9e495bc18fa6e4f520b63bc6afebda64f0

SHA512
624ad26fb45120bcebdc8a24b1bcf4234b66bf70953acd9038967f76972bcff0e6e210c71590fb36ba97ee94bbdc23b412d6357fde4cb45d8b5ed9a00115f7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
da9a978ef17bc3cc3cc9720145f9c222

SHA1
60f92250d059fc7f0150bff774cfc72bfea3c5f1

SHA256
24cc20e026c2097e82d09422e0d48c66b41cfbe35f9c1a2be3ed294bd092f6dc

SHA512
7ae25fdd54fed7f7bf6933edcc6b6bb10e45b72867d53ed37205f6341b2b35acda7fa8ed40d88a278f4bebd012a4d8fa3bcca9d9b1cf04f416cf8c1a39cc21b5

Download Submit
\??\pipe\LOCAL\crashpad_1832_HOFOYFREYVUHGITR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1416-6-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp

Filesize
9.5MB

Download
memory/1416-2-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp

Filesize
9.5MB

Download
memory/1416-1-0x00007FFB38C90000-0x00007FFB38C92000-memory.dmp

Filesize
8KB

Download
memory/1416-0-0x00007FF7A2085000-0x00007FF7A23EE000-memory.dmp

Filesize
3.4MB

Download
memory/1416-177-0x00007FF7A2085000-0x00007FF7A23EE000-memory.dmp

Filesize
3.4MB

Download
memory/1416-178-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp

Filesize
9.5MB

Download