hxxps://ui50s[.]ru/es

Analysis

max time kernel
181s
max time network
188s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
17-05-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ui50s.ru/es

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1104	msedge.exe
1104	msedge.exe
4680	msedge.exe
4680	msedge.exe
2140	identity_helper.exe
2140	identity_helper.exe
2388	msedge.exe
2388	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exe

pid	process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4680 wrote to memory of 3132	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3132	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 4068	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 1104	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 1104	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe
PID 4680 wrote to memory of 3136	4680	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ui50s.ru/es
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef8683cb8,0x7ffef8683cc8,0x7ffef8683cd8
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
2⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1
2⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2496 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
2⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,297826973424923718,10610510772308632642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0d54a436650e68b788aa9ce33b577c73

SHA1
6f1f9ae2e3383fd9466673d8f24a2803aab5b974

SHA256
52d97d442f0a5e13b11bfaeebf79336cc79726e75b22b905d06b71ffeea282a8

SHA512
9ec5976b199d181d59f545a4910b3af3513938d0c4d4778551e1fe798e60f7782bcc0158ba46f3d42490b8582cf0409badfba1d385a2d568fd94bf0bf4fa5791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
cfafb2d1f470c50d8c8376b753914334

SHA1
98847878548f1eced4ff041a35a80b1fb2e78eb2

SHA256
220df78bf068da91e419e863f70038b9fca85a7ed5395dc8f81d05b25e062a98

SHA512
0d439c622ef3d589a6f813652f0a52fa4345d1b074bb8dc5da790f9ed3ee6af5bc027fc1b30a17c6965edd55e6282f4580c797d70aa5de0516838142e9d6f9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
06d2b3892613d201ed4af79525da55d1

SHA1
36369f7c31cd890eceb15625a7c0b0f1031940ec

SHA256
7ad3af4eb9be94eee53e9c45d21596c5d93227540023f3c93192d5a131275d5f

SHA512
d815fdf6a88c4a463234b657fea420acb2afc2007d478c7a4fb21a41cffa71e74fe4fbb27a4f4be62e2f1c85083a877316ca20cc99742f1b43b221814d16530b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
771B

MD5
fecf554ecdd89df294dcfe40ebcf7301

SHA1
6d1078563c75cedd4c2ee989aa8647b114b18bd9

SHA256
77ef451cf9a1d33d3377d2181d1bc759459c87d59576f7a043d059f62378ec3b

SHA512
94de90b0a2337320e5979e058a3046e7ff91ef3f136ae3e25c7dd31c6f79de9bd2ce12af583fe8da8e80d3e55e3f4500b846b66e5c051669696917b899e0ad82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
458B

MD5
0b8435f3d40dab4029012c50ba1b1b85

SHA1
f9b378ecad11df883425d8cab8f5c3fa9a9a17a5

SHA256
215392818ae36200884d3f081a23f731f78e724b2d0a7c143c9e2e8ecd03cf8f

SHA512
7aa3f54d137bf5ca96f87e613f329449e02b289d81fa9dd549d8d7bca7a4926fcf2be220c6fc9fb5930fa01ac094dfd8bf6d068789c27ba987810867b466fa84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
458B

MD5
92083a60305b974ccfdbbcd62868513a

SHA1
3d25235e95b35f7530cc2940743654583520c7be

SHA256
23f9bec8bb7b33e5d3049e8f0de58832794e7a40cb5650dad73394ad82e6b76d

SHA512
d2f64c2c85be0c8dff78a86c9b8f18d99b8712560bf43873cc8b9a0d1a6b5a2e824bed85c49ad3650720074df16dcd21924ab15975ddb112616cc87b99be8b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
766B

MD5
10273c948d34a6ea44bea3172342d230

SHA1
7aa8c407267a7a2e393635d3569596eaf217b8bc

SHA256
36fccf367799801c85969bd7a5241ba1d0567db5d0f95a230b026d0ec3b65ff9

SHA512
8c8703008ffaf820e18bb2c19a5dd5b31a59f0c16c89fa1cba6a0344c04314741d9bda16e6ebaa3e383695835da493a892d06e5c1a978b17138ea68eebc88ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
860B

MD5
2a7e447ad6d677c3ce6bcb898fd16ff8

SHA1
5818bda44a32650ff43e79165ba764ea6aadafb3

SHA256
9d146c5be6671f79d308ecd1d7029269440e6114cb87498acade7c7b04e0f256

SHA512
c1b4ae218a3946d9483e2e64d93128734d226ab8d807648b247a2219910fceda6efbe19501944d5b1618783d565d3df78f88585d42e18919f05659a5ec2736c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8b2786d037dd919ccd947486a4bddaf

SHA1
8b36ba793fbed86839c153d4b9e5590055b89ca8

SHA256
6a4beebf6825dec5197439bc15448949281cb0f292c462e2cf4a00ea73174e28

SHA512
97b61207d920c70f629c610439d6e2941ab3ad5f659192dbe2ad3a2f875d95f838dd60120dd02613e4e787d62762bc601e25ef2905eb092fce8703683c46e313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0950d024f78b57a2e2a72efe3092cf1

SHA1
7932e8cea24003d1cc3b81d73e484e5b5107a15e

SHA256
555502dc8ec54880dfaa55e0587a5e791b4d8e9500439e9f790d3ce6fc501a6f

SHA512
1ed897de7c06fc160b596a85e286b375cab13e9837583075689b430e38ca37e2980e27ace40979529e2196d4683875f4d8b2070194a9a1d744f9cf9f93a7606a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1dbd29357e2ae2e918a2091d6a241bc0

SHA1
4002a238b0b4273326baf0674b97766ef31f7bba

SHA256
29f00491f8483371156949e8555a0e3def6fc4549d9975273c688afc9ba6c242

SHA512
eb3bf69c74c47181575a4c7b31e59dfc517d30425390f5a2016229a324a2cd8170ae4a41717a8929a6352f1b844fa091f89bf0345a7bc11604d7f5beb52ee837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aaf503603bb3556082442f0eb5a60f8

SHA1
780f7f01de67966c9cc98c8aa2bd3c815cf4ca25

SHA256
0623063e40759cf549db31f3d04aa1002b886a99e1db72a7db223463f05ebf83

SHA512
55706d6f387c980887a61e4487d57fc56cc21ed1e1beebabd43d2f87a434246723cb0a5ef9362b7629c04d85d48150f24cf58ebb857529f33c0fbcf817c1db46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82870f7673f448684d55927570e1b774

SHA1
857dbedbc86be312de0989b29198fc2df025e2c1

SHA256
4f5ae23cac510e615518b45da138e8471c9a2b3ee7afeaa3a9c00e8568c73f7f

SHA512
47158d0ae870eaaa4504283f62d666dfe8c54805743edb31d87c7d2046234114cbe13e5bf54f2efac3c128f67b7d48903e60c146bc907e8226de5ae31ec6ce8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e57087131f02c65e92676d97366d8960

SHA1
2195ca0e440c2d9a9b0e45ba2dfe22cbd31880d7

SHA256
1e5e9c6a4bc55787e518e18c2dc220cd988b6a94ddc234341517a5be83ffb2c6

SHA512
3648fe2257b8a55dffed6ba17cb2e49345df88b9fc5282d7b297a4ddaf29eb6c1308daada6db12625953b50037374ed258fc47288952af21ccef541fd7539a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cafc1ecabc21e7431b858c58f15b7089

SHA1
34b1199e6de4b7bb6684208578589c83cb3b6534

SHA256
6b0a4cadcc1bccbffdb1af8a7bdf7e2c12eff67f08a6eb96f90cd7bf025ae6e3

SHA512
76da15035360a8d76fe2dfac37c081c45dd22e4afe24f5c7661ddad8b6c49194bb4b961083b05dc81cfe567b0df7ec59b1c4bdb9feef2597bfd2045c801a7cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
47a607cd4913e30ab6d7ef1236151fc0

SHA1
04c1dbe43bd1d9a3bfe47a6f3685a8e0d3a9430a

SHA256
cafe71188e72b7babfcce139c171f9cbfbf9e3ffa4acbe2128638c67c0522318

SHA512
191ee93b8745983c0c271fdfc1c7919ea861563ecfa1431b14003709783783a941c136cfdf5aea8309e09863bd34b66442bc1b83b381eceb23671e35ed2e061b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8ab4892a46ae233da490e6f296c0d8a

SHA1
90b177ed13518e175039989120169c2b640c37d2

SHA256
642d50eecd8068359d1581d0bd10372bd6eca763080187245588c97e845d113a

SHA512
28019300546a7e59c8ea59bfdbe10b1674eb4cc658fe8c2c07e334b49e9dd4dca9dce1c802b9a766c9cc3b451817c2ebab1472ed8b2970804a9f90ae68972312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9ad942686ed1e8c2faff67658c3207f

SHA1
3bea38eca4b0c5acbe12bad3943821e9f7dbd63f

SHA256
28cb0e6b416cb792729e52fcae4a41e2eb66b4fef5c49e35d67cdd6f60c771f4

SHA512
ab863bc39c6f037855b8fd042665c7b24d5609684a7736fa51a8d067ea3eb643c910aea4bbb6041344fda84f35cb1387d1e51b877694e04b86b5a2efd46f448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bd9ff90b5adc1ba251bd1123a3545f82

SHA1
5ff1b27578ee629482d081b188b086fdee042046

SHA256
78d54fbb36fbc1fa7330f6a7b0b80311dba66b2e347e8badf42548bbc1cc0581

SHA512
0d150fda5600a1d4a55dcca7be4100c9eaa2b3224f8a39ff24510eabb47ec7f3b982d164b6ac5bc90ded4770f5ec620ed37fed86527a29d24cd422900a7a895a

Download Submit
\??\pipe\LOCAL\crashpad_4680_ETBIVMXMMEJLJEYQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit