hxxps://code-50[.]ru/a

Analysis

max time kernel
600s
max time network
599s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://code-50.ru/a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2240	msedge.exe
2240	msedge.exe
372	msedge.exe
372	msedge.exe
4632	identity_helper.exe
4632	identity_helper.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe
372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 372 wrote to memory of 3672	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 3672	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 1532	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 2240	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 2240	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe
PID 372 wrote to memory of 4752	372	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://code-50.ru/a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe0b0646f8,0x7ffe0b064708,0x7ffe0b064718
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
2⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,5825289541571277659,5089401949089146185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
2⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f711d1c87616ff80baf29f7528a5fbe6

SHA1
b984b97c484080166bd4135f04675254fe756ea0

SHA256
3c6f082e1da84a2459bba1345779c63477f7d6ae6a24be7b102fab8170dcd93a

SHA512
c250d26a09269e3eb57ea803e95c513ca208dda1765b454d0fe0cd49b763f9cd7308aaba839160f800787e4a14f58037498037dc00a3309137d7a0d8fe692381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
f7e238c22b274393106df3b0f2a0a213

SHA1
9d280f5c470fb6cf7f10f956b20045c058cb6ef7

SHA256
1941bb55435005838094979d75d3fd9229a9f2aa805d91bd286e5140fb075c19

SHA512
8414e5cc16651c4b681b7c8d4875fccb7c54bfd37fa022cc14663a57761d96055e42eda004cd09c7a45fec652f9611cc7f88e6fcf548ecd917026b9cbc72214f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7323b1d1a1619e6f1ee7f2a4820721cd

SHA1
d250a9b4f7a3a4cfc68c05c3609cc988fce54096

SHA256
58cd387303f0693994e0f56c1730ba2d8a0fc57d4876a9bef59a05063193cf8e

SHA512
410385f07b44c0ae9486d3a3df5fb25f2ca0b4e239a7eb0e66c4724377c4428475952ec800a74092d41ac5e4f48b81a85635b6a5d936984dca62af8426cb03fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
eb8c6764067469e6a71985ad55afdc39

SHA1
3f7fa52e7db77bdf0788d54b73039db7fd6a7da2

SHA256
0d4f941c5f97b67f1eb36f965435aac05b5776d48de45bfb66e8b03b4546dd68

SHA512
eeac1536f04646c83818875cb4793fb1278e22168471cf43026605c09b6dfd9179050b6990ffc1d4edd7853a1a8e9c949065ba5cf5c00bd5f827acab143e5b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
1ef9ff132ed287660539b12d670d8823

SHA1
b3e897b6ad5a886a140ed980901d32da64cb0c74

SHA256
4507915204f9f2e5236f0602a2beb8752d908b487852b324062326c63ff0185e

SHA512
d561340d26d4a9d4576b25f9990e8bd44410c46e057b8de4edc701b8742feab0b8697360f774fe950daa94415677d3d479363285dc7bd58a3cd342bffb6d7796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
88bff5433d84e8e2b7a005047c9c53f9

SHA1
073f2b2b943aea57dacd3df838f09acec83a906c

SHA256
fb104047b0242d8aa4619fbc2e229b720472492bd0bd9ccf867185e66e3047fd

SHA512
a8708d0ffbaa4fba2e09f4e863fea6778469c1457411468f17070da83ee0af6f737c30094c1b4c49762ede44907721d084f30d0520c00117d21aa7d0f6d5aefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
96b92ee9ee176521ad2ae2b159eea9fb

SHA1
3df367177d06d98d7ab994a55f008ffc765d5803

SHA256
8053832d56a9e007aab20b381f95c61412f42288641f64230715af14d179b0f5

SHA512
aebecf4330cd7bb288f80ac3af4565d2f45aeec82f7cc19362360f23b6813170033957463dfa2bf79f60b97ea1d5393915d60f0ed3ea051107d7870eb6930997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
49ff00450132542916b6d761d7804968

SHA1
731ee2d0e57c9780df55b23639399eb175053a76

SHA256
7ab2ece4f89a94fb4f649a7d135ae6ca7d9b2e39735bb7e85293f7b7bf6fe9b4

SHA512
fb8904957bcb878c251de99cb37aaa52d7ee82a50eb7b0f1a5453e1633e5f824cecbfb0293b96feb3a22a600c60b7d5b9a832a8d760d568eaf986f80ff30341c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ee6853e02716c4dc3353a1b60aeea469

SHA1
561f124b105f92a22a1780a964da72505fee686d

SHA256
7a1973829a092b31c0204ceeb677d4459ec2eb7f46e1ea1cdabcbb9cccc0035c

SHA512
aa1240a67528e9ff0ceab070fc043b129cbe2da3cee8946b5926e2ecb0d07b852f8042702e4bc3ab9961df187945d69eac7d98bae4b0718a137cdf43a1f68644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8ef1db3599187ff889ba2f6dbde6c971

SHA1
c3818a920758d174143b846bf0aaa114ee90cc83

SHA256
a2715f5623fc2b3a36668c70042b9050e3844b9a5d05263101a7a290f5529326

SHA512
9a436c3bb761db641ade1ce35282c11d03b035d5805b175973101352ae40931a7ed818e794d64e9904c781fe91c02106f2e8a2048684ca946c4cfabcea0a02d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
875B

MD5
eb7041f21de314f90e77a6a301e34f56

SHA1
ec61e30a972aca71dc34ef49015e7dfdc4680094

SHA256
f693d720a81d3fc5452c67f5a3aa7495379ac8fcf3bfbb75f4ff798d8041378e

SHA512
fb91da9ff707a0a2ada0ad38b4d2855b1391a368c7e851e69a11c4058d079f84d243b7f323eaf4db34d2d3feeef59f505cd5648305751aefadbe91ba5a5f46f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828ef.TMP
Filesize
539B

MD5
6cedfbe186efff5b5b0767a6e5b567a7

SHA1
6032d958cff985b7a318cfc77ce5427ada36f58b

SHA256
bc27839d8e389cd66191da3115ba714b0d97540c5ba4fc2383c309fbbd5e25ed

SHA512
ca1401d8c2ea847e3a67d9bdc6e3d1407eb7784a4a6fab9c6afb2eaece75d83e914a2d69af9e69f42d6b7112f9db0cf39a6f85732723404c50f2f9ffb24fb158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
082ce620db9dc553e1edcc711a9c68c3

SHA1
1edd614800b08bd336fb4cc7a2a088a8d57f93a0

SHA256
2a2b088f5c32a7750390a7b8301b343e0e4fcb9352c63c3eb631804a27a56be6

SHA512
55a303bf775840017a521e368627a6743b5a105823c439a322b94b3a025ce6bb1e989c654c9cf334766996fd9d112a8ad98d68f2c0237c186b4f49ad71f55349

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_372_TIIXINOOMNCERLPY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit