hxxps://2yCD[.]hanytimin[.]ru/gHncp/

Analysis

max time kernel
1691s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2yCD.hanytimin.ru/gHncp/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
100	msedge.exe
100	msedge.exe
4452	msedge.exe
4452	msedge.exe
3184	identity_helper.exe
3184	identity_helper.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 5024	4452	msedge.exe	83
PID 4452 wrote to memory of 5024	4452	msedge.exe	83
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 2180	4452	msedge.exe	84
PID 4452 wrote to memory of 100	4452	msedge.exe	85
PID 4452 wrote to memory of 100	4452	msedge.exe	85
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86
PID 4452 wrote to memory of 1508	4452	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://2yCD.hanytimin.ru/gHncp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3296716138961186288,5114498436857509771,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
22a3cc2322b2fb59800c52c81102feef

SHA1
6b8c9d7f4290d113c08ce14c378d9c855c008f8b

SHA256
bb236099ba7ec01c9b9853ff14b03d4e64d8e57a41b6cd3d30e67639a8e50178

SHA512
ee054c89e23ab1ea38876880e1d3a204a3d9760db50fafe84ac7f1ad240804a1a3dfd2e875e49e881d789cf44a2f32a181dd1d298b37c9bbb3db22be10dd92a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d607d1f5484012e5c70bfb115d67ad45

SHA1
c0d3dabd680da478366cff22462bc33428d54e1d

SHA256
9e7ff8bad001ce46100f8cb4d589c67a14c2d32a0c498af5c3a55d9387b01807

SHA512
a00a072c37b05703106cd65fbf2eddd824305dad0957fc05082d61754d4569b32bd69543d0ab2165af08394ac5c4f28f75b9d026011cca2e540c6ef99a6aee0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
326ac2a66c55d95f6cd9357eed651409

SHA1
a4146572d821b6affecfe240690b617984f1331c

SHA256
89cb3c62a9b5988bb88171dfbc8d9467d0aa1314aee1b6fbabc8b9f320be7f74

SHA512
373bc9f46d9c0109944e695dad5a56b1b9d50bba8e278b4de124a99f07beda225806f64d8a8659f0ff20214bde267b683e0ead5fd902366e4c6a13bc3773a82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
709B

MD5
12dcc8db666d9915d621a2b43d8bbf1f

SHA1
f5889a0a9db39be605449c5194fc1385a8b4f655

SHA256
5c26a7fbba94314f81870a019d85e38478e4b6c113e50437a7bfda184c55e1bd

SHA512
fe4c69eef831d8da2d73e32d8345256b40658fcd61947fe17965db7d3cdf0b6b733c1a538a51f5efaff9a115d79cc32045709ce120b1aec2e2f440450ef39c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1ce64f7d174f2571c5e217e75474d60

SHA1
a4294fc55a81b3bb8ab0f1f0cc7f3fd76b8b75a4

SHA256
df2d841d648a2f8db5fd26eb552a0ccc0ba45ea77db0afe60b2837d25a350add

SHA512
5eea6ea4f8888f09e304e7b7aeaa81c64c0202edde2e865606f37cfdd038a6349b883cce15f9923428506d6abcb0014fd5eb91891fa08af58e8a4852c442300e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c10d10d5b340e38174c0e131826361d6

SHA1
f9ca96dd480137e2c9538517478d36b354c2d8f9

SHA256
51cafc8dce71a9129807507cd1bd8ecffd16cd4fa27a1d3946e9a6b3337ad051

SHA512
5ca8bfc15746b33403562227c5e7e8e8ca90bd0fe1157ddc082c9bc8c2feb0a68490f159ccbefe5485567b4e9e35021d367ed57f4438bee2fea9420c10117c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c424b6a87d36c7dca1af47c4fbb8d535

SHA1
3b826747d7a72982c91813e4be832b87fed75052

SHA256
c3a77f46421332444a2e6317b823ac8c4612fce08c6e2d2d218f942345b4baef

SHA512
f661a2e3077fb2672719a48b911807715185bdab82fa5a3c2b4ff4e35802f3c18e2f2d23349309be682bf4106bdd1ea2ec85f821c59d3c2cfaf0db258378e353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\03616a97-cc28-4d81-b35e-29c7770dab8c\index-dir\temp-index

Filesize
96B

MD5
6f1db34c8f42f7717e3d0051d531b644

SHA1
aba500961f224aac7197e46d788bb3060886027b

SHA256
86c573fbb17d1d25f957061006d5fa429e935cd19c257047d94830e6b5508c89

SHA512
ea72bbe60972def4b820fbeaded2d5e80d897316070eb11f2b881ee7a836af0ba374eac6f64df4880aebe881d1c191a92b97db8a7563569a28a03fd6aaaafb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\03616a97-cc28-4d81-b35e-29c7770dab8c\index-dir\the-real-index~RFe591071.TMP

Filesize
48B

MD5
3603ed22ba5750fef937fca047254584

SHA1
390c60d65fe6f740ca71666f22d8c1c0324d6aea

SHA256
da6ed133f53691bd853af200f36a100eec93ae15f8095732b3700205fa217299

SHA512
2f24a5d4f9de190dfd9b12cbd9e2ad48a6f861b9cb3dc756069ad6972657928737650dbc6e2eead9208806ea49178e529ef5565351ae48764a18fa56a808fd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\6effb048-2955-4398-b0ba-867442d0cdf9\index-dir\the-real-index

Filesize
96B

MD5
7ce321cc836bb0a997afd60e53d5bb1a

SHA1
078e2955a4e3f286f80064afdd97030f403a76eb

SHA256
8c52efd5ebbaa91a650480e3b209d01baa11ecf0ddd32cef65ce882c2c0d2cca

SHA512
f04e2703d42b9ad0713ebc25bb28decea1c688c009c2d099d54dbdd36d6aa2f0a77d8283a75c523e59a39f454c6171fd827991b72c8cbb01dd4b528287e1df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\6effb048-2955-4398-b0ba-867442d0cdf9\index-dir\the-real-index~RFe591071.TMP

Filesize
48B

MD5
1a437babf95c587b5fb9281734c29764

SHA1
cdb24fbedabdd4f2edb024261dd156f8c89e2bcd

SHA256
7d097134a1eb908c4a28e4118d084eed3a05835007ff86ac1bd0d5c7365f77d7

SHA512
a85d34effbf6bd20fdf81621063f5a2fda51a03f7e5be9f8b789cd960d68af36629ada792ca0338fcf54e0b8dd651fcd860ff862c578530493de4d732ef6e036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
107B

MD5
9cef5f5f864cc9eeeebbcb980b85e4a6

SHA1
5c74257199147a5c5ea0c065e9e8431a16adcbc9

SHA256
a7fba9b48b0a07925ee1e09fdd45a8ab743ca09890fbb514655511ee7daf6757

SHA512
3e836fdc7a04bd5608afe1421bfd1a659b0f2ce8b7fe949d279e9fe8fb98113c3fda60da2f09425bc6f7b44fe72da5b0b281d20c073f2aa3ed46d7dabfeb8135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
175B

MD5
1d7f2a65bc31140d8c1a4196e8079eae

SHA1
a787ba8438ef4239681ce48829de2c9fe1fa8d86

SHA256
1418a5beb78a684ea5c3d891c4f55a35790cf22b627babe35825cc2d4197747a

SHA512
05ac452b88c7781f1daf1cdbf8192cebfb09555c81e1ae2c09b9f10c805b4436c80274530318adbd67ee972acc5c90e7f65d6365fdba3e12717b403a61c42544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\2b5c392d2730c0910fd56433cc5e73e510d0f2b4\index.txt

Filesize
179B

MD5
25c4593c5bf82e2439fbe4dc4dc5445d

SHA1
fb08e88f51a0e5a6fa951ead46e5480018c01eb2

SHA256
d566efe2ab3fef35d366d0d8c25229781c9be6d49843b062a7797032a3a7ea7e

SHA512
0ca6269a2ae7d095a7f56b6489761400f72c090ed330b80a1f15d5fb27956dff2ac67dbe2c5d34640d51a65c9f3bec821be5cc472f04a564810a1b26308bb96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31c690d8e3cd1f30be6dca6242445bbc

SHA1
58b21d5566091e89474ac5fdb2d6aa45c430db68

SHA256
0ad60549fe1ae5eb6e1bcdf953bd2c67208140ff81b519c710f0c352ebe8b443

SHA512
a1d2e46db7750f35a2d7a4d894c86a506d863449444930fc62668bcf3a09b0369ee3901ec5c9dabede5b5a0fa74c91789fa7bad1fcd0f2c6d3401f6b35721c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5234cfbbf7166193c45679cfeebda5d5

SHA1
102476aa24862a352e771ccdd12cce52f95dcf34

SHA256
2505b42e31d70472851549a76e3dd656d694ce8dfb6ada9ed2df499e1eda3bd6

SHA512
39731320dd07f9c4599ea502c82be4245c81862760026a5c57695e03951279fb30d810fef54e676bd46d4c09ea94dd13ebce49a4614f73ee23f22c5908ee9b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1dddcc1303201e4a2fc260dcde01e1e

SHA1
284926b4f8da046b90708751e0fa1af4cd414303

SHA256
a68fd0c0e15c034db9e9f5802c809e908e6a156267571ddb68c19c6182654a1e

SHA512
70bfc78d7b7cffc0c32bb563ea793b603edca1be7aed0f9729c41065dcec3fb7219f6fd8473900f69d983d9b6c6f1f47ca1561a961972126fa58eae96b963a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591e7b.TMP

Filesize
204B

MD5
429f81d580321708ce83d1d24c05f4a7

SHA1
83812227820016a1737e9914d6a633ef58a0d57b

SHA256
e60a34ac4f49551f2997537de8b437e95acd9fd55161bba5e48182843de9bd4a

SHA512
879ccd860cb1656e9926143d160a6c0fa6b2a0977cdc88e83e80d1420194b491b26259f2da122b4359112c3c630cad061a4b96031c09e0ac25ef859910066ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e16a6ec8b8a58dae2c3337d01de04351

SHA1
8b59d591b113a38f3b1395b27ba6a5a647fe2975

SHA256
df701ff7a2807482e54d8b92f26bfe4ca6a45e863f77ffe189edf85bb7527149

SHA512
e62ccf13156104e2e8b2e21ed7c708af513605e50d58421a9b72b85c0771cd4090b1baa6ef742a3bd87aa2dd996f29d47fd8dbb251d7f70251d4db4d78720499

Download Submit