Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
-
submitted
05-05-2024 18:59
General
-
Target
https://www.betafaceapi.com/demo.html
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.betafaceapi.com/demo.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa63f046f8,0x7ffa63f04708,0x7ffa63f047182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4124 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5456 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6400 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6708 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2204,14332632080053223690,13143186771427359925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD52daa93382bba07cbc40af372d30ec576
SHA1c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA2561826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA51265635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ecdc2754d7d2ae862272153aa9b9ca6e
SHA1c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000eFilesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
69KB
MD5aac57f6f587f163486628b8860aa3637
SHA1b1b51e14672caae2361f0e2c54b72d1107cfce54
SHA2560cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486
SHA5120622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010Filesize
37KB
MD5ad41c0bf481fc026fb5dd7bc5d42a587
SHA18d76e29ea2a0756681e4a018d06b941fc690c4fd
SHA2562205a91208045c5071d38404e02305882d7920beeb6ac0aa56f52e63bd30eae8
SHA512649bd4b3c4858566d6862a276d595b75b4ac8489559df676cf4275edfc6073013b9880dd59c12a43aba9c878542bb232e13188c9c74d46092cbba31dc49d63d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014Filesize
1.2MB
MD55ab2d1f8cd709d40a8ea424bb51be98e
SHA15423cdf5c8eb1f57c0c330617cf2277b1283b6b4
SHA256bfda89ab36691c4c6e8e8db2ee2b4bdccdb4d624410d97889f82c31d176facea
SHA512912b41117f1603d903848822ad61bea5f9561c95049c1c689cb36be40f2cb58f7cc92fae4fd8b47297a127e816c657afa7bbbb3c087c21d80d9bc31639237dc3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026Filesize
184KB
MD526a9849c2967147c9804a4919a7dab75
SHA102ea103f03ea1a84f9625baf327d6d200f0c3202
SHA256b3ce8488365540f490a1c495443b61bd5f2dc58743e0108d4b594c32f61bf96d
SHA512a268f52c5001d6238736b05a8137522939710c9edd012e09db5a4c29038ffed45b725cbd99fb4eb9fe09b294fcb5af6e176d02575b92febd46837df018a7c6dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027Filesize
57KB
MD5d10112b62d26f5fc6e5950b3a91ab843
SHA10d91535840a61035176f641ad42f6158d34e8cb4
SHA256039388bf1a61054d4f017c14a25be5b933d01d20c2dbac60edcf1c00c68a646f
SHA512a104db52eb85c96fabe0a3a8b657db3a6623c347d78071dfcde41dbf901a66ad1b27739d4f37d872d848003f59476c43fd87c4564c7a4ff97b8f19783e99b11e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029Filesize
92KB
MD59afcdbd810e71a3ae0a04c3cd897f26a
SHA11ace20830dd1fc1e78e47db4806ea0ce4163b320
SHA256328a82e87a32754d0493158513f70da0f8019ee62183e91a3fdae0f25e9b32cb
SHA512135b01edfd6067c99b1312788057324562f2bf10d5d0682074282457e036301f40af5f4d5c8586082d1d76e1de34ad5445962305c9eee1768a902a194e2f828e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040Filesize
153KB
MD53e02f19e11e0b709a1e4a43518ce46f2
SHA11833df0b25a35977c069a1309e0f22ec97fd7c38
SHA256da672a88e2e3fab4eaec2f6b361b4d04eee396aa0d9c2e35c53cc64bc55027d1
SHA512e0a12f7ac0b678117de5f6b3cc807aa5207296cddcf350c78180bdee6ccdfdf87015a95aef8bdeabdfd04f9a2ac49488f0eaf0ae04610eabe07d9281b3f49d84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0Filesize
14KB
MD54e19df1a53e0a899cebad2ec3c164959
SHA12bdef936fc3fc7834ed4aa6176ec276ab0ccab8b
SHA25608d407caf6848e249e416de1937f0e7ea1643baf6d2a36bb7691aaaf7d90639d
SHA51202319b8eca42a8fdb3a712b572e9c0328754d99b66f40b5546f53a6a9080afe3c2f169a81791d4d44225471bc46c20f0ac789b09f0beac93a5537bebc2dad378
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0Filesize
5KB
MD55905af78c61db916fad3597a56309324
SHA1d8fb8d2813de98db0ff671eed9c85341f464d170
SHA2561f7cda5410efc59909caefd631e45190e813b39f9768ac59c82cae0ba2db3451
SHA5122cbe27a8820c6ddcfc0e856fccc231a96f35d9d7fbc61de0432481a11a3dc4381ed48085f12398d6f56e7a7a1950335ffcb75c40ec59b1741ae4e9641b8fe26b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0Filesize
5KB
MD5a96b3702a5a83a32a079def18deafb23
SHA1f522b60911f7d80552953b99dd5495f07be81d42
SHA256d3b2b1c16799d797ceb399a07be0a6916fbc55ecc447c489a681937acb5eb79b
SHA512de8ab3b3eed3c6c22a3047b6260006f7c3bb4d0cbe576c0491d1cac05844d436698aa78979bdb5c972340f1a26f621eaba4a027798ec7e62dd47871a9aa09bd4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0Filesize
4KB
MD5ecebc7b78e17874841a97add0fcb1a42
SHA19b2e4b3cc5c37cbfe04317f23112047cb3419075
SHA25613ff6df85f8ca86d7d9720a1e9ed1d2c3cd791b9a907858c29141463fd185a0f
SHA512b68bbaef16c976ecf3cb7a71fba2ef299509213883c7fcd8496e3c5fc9f3c37be7992dd2b96d56779f3f3d1ff99d114cadfd33fe1f7415f5b757e19054d62d8e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD52bd09d714b15df455cb84c091c24ac1c
SHA17ced91eede9dce0cf85e3220a65d77e543423e2c
SHA256c3f8b01c028b45e55e4aa65ee56be2d46aea14835750e28bcd9e7f2dfb3cd526
SHA51211fe98ef3c21946cbf6151aa9ce83e1e86732b6474f16735fe30ddec53de17b2c8cc73949a933e8d5fbc35ac558cb373e37edc5eb99b5ac1fe18d1749da68221
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD579d73b6f4ed65b026d5150280e70fa07
SHA12fb25bdcd0f77a44e2d0fb125d8d5b719cd9804b
SHA2560586a99398e79ebe092e01d212b2a0170bd643ac5ea8dbd5a7083c3f75150ab2
SHA512141641bdc4d94c90144ec0075722ffb0f0367795da3991b4bcaeba8d899668dbde70f5e0adebc3ecb547515bd2bec3a7bea2885b650ede6023ed8c7a43e3418c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD580bbc6a1bf0b394d1e803869836cc703
SHA102b917fffcaf50ce4302a29d4b7c92841f44efe8
SHA2565398999401dd7928152c589529b1e1696b53572a3864ee6eb9048827788aac71
SHA51223ed224c6cec44d457f60527c729a168e69f7c920491c863a2599c568cfbe5c86ab203b0248415af69c32e77d044b23794ace695bcb4820cbb0cbfa86e0144a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD57d21d61b77ed422c83bdb54b2a38cf75
SHA10eaded8cb6b65e4f258552927774150c708b39fd
SHA256ee20b79da134641f413b54dc673df4eed81a4de488d7013689c83a66173ec3d1
SHA512e38ecb3cc80b265704c92a066956daa5d0fb9d166cd1c5a14250394885e298766d69ab80d32b0e374d9fde005d012ba1bb96b009c832f61033e6864baa2bbb23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD500b199a2e93ce47bfe7e27cc92b92553
SHA17ee6c692f3821e995d8559c39d49bb56f46fd637
SHA256a05de50032c41e35ff885f291b686bb766252c57f4367c6c0ea9b6bdfbb7827c
SHA5127b3d49902ea3759a17a56cd67f9ee4140c7157a4c21ea836a4e6a9f5f7b8f0ca1a9b5a4c33c8ba2a136727c1c439328f1743ac185db0a2d3e6ea158d6907c26b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5500f7fbe1e6a47711256f7380d5ebd17
SHA1fe9d0a64733f093c41f16e3389dfaa97ccddfd26
SHA25674e298b56876dd408a061df2a791c08ec9ca6e193f5f600cddd3c0151e973c8a
SHA51201fd097a7de8d554fbf3d46dd6cb25aeadabe4bf2f306ac5ba8bed73afdd04b807bd0aa7585302d52a52ef952202b4a64402c1f2e9516704205b29c139f23f7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5a32e775eb68c7188283d92b60b43000c
SHA1dc95de3e91bfc922571ed215cc07484e82952d3c
SHA256033f2c24bfb15e0f0d152ba0cab15b4b153ef82fd4fc6c39d7c02881bc27fb4b
SHA5129f803e07e0194f0d4201f18f00bd62558371ecf989e45f462204a4120948ad0ef84c1b5e57810f0dbedffd630a5c73b7034b2e9ed703722c2ed6b74bd43a1686
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58908550ff6ccd99fc304e1916e23f6b4
SHA17e940cde70529b8013b626c325364804ed6250e5
SHA25616d77b8a0aacbaf0d8c624ffee4729dae21fa9dfde4adeb1f37a3c736a59d24e
SHA5121b1c5505c354029633f80cfeb9e6d5e1a4c8d4e50f4bdc2649d3558f0df34c1434761d76b1e28c9067bcfc08005956a3a2f0fb42c26bf41027431c3e99599cec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD56a38b5196df68baf5ee9e932c51ebd34
SHA17ae1ef86005676f546593916f48bb5dbb5b90d02
SHA2568a545a4207bce08c57db17bfbee69a4ff083f3e648c83e379808c89621d4649e
SHA512997e4202c3e79d58baa41131d919bbaa8f8380b21f1b6f9d3e519d183ccf9ba22d00f29d46f7ab48685568a85ec26a4e7e6141a6a43cb68108ddc47d2058bba3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD53cc0afdd8656684f2dfdc8192a2c7b52
SHA14c62721b548314f2556666fbb4476dd8da2cf87e
SHA2567a9a744500fada9555c48bf9f3f26c11c28275cbbe492596785e85ac11d93a5e
SHA512617926ca9960dffb1a62668f0a98bd0ba3953caa36e97d6f2154ae8d37c1889bb923dace44fb1ffd5dac009aa420479c51773adb74806f2fffdda99c9e1a64a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5bfb0b125dbb1632087b7d6cf0e40cd90
SHA130a48d587f9785b89c213413c88d9cd3618bd0e8
SHA2569ede769bd87af39996409d4735910eeb11135bcd4a7c0b6e7a2df27e1fb26824
SHA5124bd7685c3fa71e678636b5603419c905e67570f82ba3b9faf41c667473a4b05211f5d9a21e40af98869f9a50009ac65226570fdf9a5865d01f5a0b800f75322f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5f5d5d1913d0d75c69d2534287195407d
SHA1237a2191505b64a7ae6f202e0b0d2c820deecbbe
SHA256efe3dce53d947956d7f203ad56e3210d10dbddf68c2fe0e90988592c8eea0605
SHA512a379174e00931682b1bf3e88d7f1e9f38a0a1f837170f41f92aea3108e103fa4f84aacb8f8ef8344cf6f466cb8ad8c00e15728dc12028b34b9a62ca4003f2ca9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD51e4a8ff277f1dbc2ecabf91ea06bb22c
SHA16dc949ae67d32cf88aa078fc7b3dc2637d613f6d
SHA256fbea56bcc41d959dc568fa47644e2765da84f4869cce3a43d7fbf9c0f052c892
SHA51227f4f44b12faf78dfda22225cc98760ad34d879fe5f78f6d9fc024fcbed9d35922600fa567c61e07d4899ae223a5f872715f1be2f0b1172531bd971e4437a755
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
870B
MD5f6fe0ee66140828485d18fd64d1971d3
SHA1d160c64ac687cf1a9852d12ed7121ab6e25993ed
SHA256bd1a246e0fde4e5bfcc7fd2befa0f7504e52fcb18c279005fb04acaf7e546391
SHA51244fd2398552ce0426eb18ff66a3a2b68889b1f54f3012f76188a6967722681ad5613da2d13d675670e452684a1669661d1a0b0ce77c6b239fc10f9c89371181b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e03.TMPFilesize
368B
MD5d07fdb735a8eb267e966b9405611f5ad
SHA19d9b656d112be2d078afd9493f96151482f3a460
SHA256cb76d2f1a38d26f7408ad3069b47300eeff14f1c7ec5aa4b8b7a597272d927db
SHA512129ece38168da187a4acb76e1695d70a66da1f82e6b1a9ea568b107f035a0fb4114e636004db23f22c34b2adde8277b483e15ee2c3901dbb6e40a850c0ce0015
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5e48709bdd3389183971a4a2dadbd0147
SHA1afa8829e63af1e2914a884e607d1381d815b2c0d
SHA256d682d67fc209dbfcf5cdd7b8bb53130954b5161b0a492618fd19cb313c2cd3fc
SHA51230bddec9fed5ef8c95e3544aad8d212ab530518ccc20e7dd890a9561e88c75030ee3985a6d0ef483e8b39d0123d6291ecdf9d7cd9b8ae203dcf9eaf635935eaa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD52c496ed5e46ea3fb46ede92dc3a8b2e6
SHA119a6156c33cad97a631825747f505d8f9969b648
SHA2567cdec09af1caf8f7bdfd29aab4a973eb5b5e2d5a3f437580a18620d10b821220
SHA51237932dc8559a6a63da6c20f9920992bab6afccb645d18e01bacbc4f8ad753c96d05d5114a78d472fe26feb9dedfc9c97cd7c1aafe04fdddad7319c830c355187
-
\??\pipe\LOCAL\crashpad_3704_WXKCJZNTFGRNMURRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e