hxxps://2yCD[.]hanytimin[.]ru/gHncp/

Analysis

max time kernel
1681s
max time network
1687s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-12-2024 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2yCD.hanytimin.ru/gHncp/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\7a7d08f8-a700-4f3b-90a4-f63bc9f3f066.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241217171908.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
4852	msedge.exe
4852	msedge.exe
1616	identity_helper.exe
1616	identity_helper.exe
472	msedge.exe
472	msedge.exe
472	msedge.exe
472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3760	4852	msedge.exe	83
PID 4852 wrote to memory of 3760	4852	msedge.exe	83
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3488	4852	msedge.exe	84
PID 4852 wrote to memory of 3656	4852	msedge.exe	85
PID 4852 wrote to memory of 3656	4852	msedge.exe	85
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86
PID 4852 wrote to memory of 4040	4852	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://2yCD.hanytimin.ru/gHncp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffacd8846f8,0x7ffacd884708,0x7ffacd884718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ff61c9f5460,0x7ff61c9f5470,0x7ff61c9f5480
    3⤵
    PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17691289518334437857,2918010849309869497,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9fc751d5fa08ca574eba851a781b900

SHA1
963c71087bd9360fa4aa1f12e84128cd26597af4

SHA256
360b095e7721603c82e03afa392eb3c3df58e91a831195fc9683e528c2363bbb

SHA512
ecb8d509380f5e7fe96f14966a4d83305cd9a2292bf42dec349269f51176a293bda3273dfe5fba5a32a6209f411e28a7c2ab0d36454b75e155fc053974980757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9a93ee5221bd6f61ae818935430ccac

SHA1
f35db7fca9a0204cefc2aef07558802de13f9424

SHA256
a756ec37aec7cd908ea1338159800fd302481acfddad3b1701c399a765b7c968

SHA512
b47250fdd1dd86ad16843c3df5bed88146c29279143e20f51af51f5a8d9481ae655db675ca31801e98ab1b82b01cb87ae3c83b6e68af3f7835d3cfa83100ad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
72ffc677cdf17beae494fd2c9e77239e

SHA1
4e11ef543fc20218c9e5f44c4f02b61aa3fd445d

SHA256
d0513c70a5f86894d2fad5265c1d6d895971d626d2c589293673bc92f415f848

SHA512
0ec7bf61dd095f997d5c106dd8a8043af04455aba64b53befdece2000e8b5b2878e28de10ffb51c499ddd0fa26e794a76651ca58bd04d02d000d092597403cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
69a71d218d1b9ba470781a6d5c4bc1dd

SHA1
4b05be422503c7331e93f11da29d5e29c7f71344

SHA256
3a2e07fc2dd69ca87f6c3050d93d8bbd4cd2874f2df2ae9d71620e5698ece0f5

SHA512
060956bc9cc16eff4510f84fac8bd0acf6c07c851668415270407ce885fa02b179fdab55751f77f2144751a6f79b27d925587e5ef7dffa1da801e6b2f3481762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1d5978387e246efdb270a61a66026ba0

SHA1
095816b3e09f5d0d4e37c05441572b00f29b5d5c

SHA256
1fe21ceb6e513f624b071eaf246f50c2fe7cda732bfe6c2cd9deeeb95512874f

SHA512
066b1bbc237ecec6d99df39d5843b488c5aea5e18521f0d02449226f2e097fabb53a59af4cc0cac2dca83bc41a490d697c04d226f57628a45ba4f2f68820b2ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c15abfa056ff7715c6cbf5abb9ed6537

SHA1
cf4f6db8fcf2ce862adde25a3b5906d416f62ba5

SHA256
6595a3066dd79eab38e95b82aac2c741f1b071868b61d0ae55211132fba15eab

SHA512
359b2dbbe820c14b3f3ab3fce95ea28ac850fe120d5f4233b35449f9ed9c249b85b8bbeb0d1b624d5f5362d08004acd6655feb5573e949681761ba7c4e2123fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
709B

MD5
b766555c9f6d05ffdfff2065f3820879

SHA1
12f6d7caa0017a7744f26dc57c03445943eefc48

SHA256
b132a43aa89ac061d5f8c40f09fb0836f72a57eb56a89588f2a8ea20ce448c2a

SHA512
f3c4f1dfb5c86f3c2554ff4ccf8a77c8294ba195954d70faa45440467ed40638fa58b59fd62928a06d13ad3f3a1d907fee917559742c04bfc4f27f3edc779cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588bff.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c6438483ceeac607e90c3f61af77d74

SHA1
38a06657326a18bfe877dcde9e046b3d2136041b

SHA256
c05a4d4c45d89ee9a31177a30380c97492bc62abe5a2b926575c7960e5e6f04c

SHA512
15fc39fd16f15b00febb45f9c39e911390648f72b878bd9aaa0fb6e5217244eedc282d6471f3954c25e0ec42590e3aa4463efb95f92ee36c4abaee668ee19966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb7a08471dc63269a9966caf8afcc6a6

SHA1
c1403652eb03445e70542633ce33efa2e4d853e7

SHA256
4eaf56fbd53924ec2bdb60c7ea92c8f111df4c645f912652064cb79c88a27e2c

SHA512
474454ae649781ca7de91f78b78470ba6deea14ff649c7292be8cc114fd11c378a01d7a4f38c263d6e0bc9b6af6d3afa3191341b9c6c9a739c35739d8652a3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75b5b0330d4a7f8c08699a486a54765f

SHA1
f8ad73c1d6ef5dfc20642903020930dfe31afded

SHA256
928f041aaedc869618d9d0f3b0ad6a1d3d2fc956e4701dca1e94a3aaf40ac343

SHA512
8f57e457ed0281c6f04e4116cd64bce0894575c58bab645b68d53a7f814651ba64e825dd7f59bff17adf7a2aa1f1329e327a1d0be98607d4d47e7a116846fb45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18dd81f2cf9d99462102ed2887f55fa7

SHA1
eacf6fa6763cc1c8a0464213e7d918ef477ec62e

SHA256
3a2d38f673e5a5070450a6b486199ec6824a3c6b40c77af4e9764e0eedfa2f56

SHA512
1f1f2fb26eceada8e535375bb5e91d15a15b4dd0f373eec9e828034321c4abd8ad52aea4a22cfe1636d40ff21171d3a5a42f158d254031c82aa69af930428ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f9055ea0f42cb1609ff65d5be99750dc

SHA1
6f3a884d348e9f58271ddb0cdf4ee0e29becadd4

SHA256
1cacba6574ba8cc5278c387d6465ff72ef63df4c29cfbec5c76fbaf285d92348

SHA512
b1937bc9598d584a02c5c7ac42b96ed6121f16fe2de2623b74bb9b2ca3559fc7aff11464f83a9e9e3002a1c74d4bb0ee8136b0746a5773f8f12f857a7b2b3cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d3412a01d4c3df1df43f94ecd14a889a

SHA1
2900a987c87791c4b64d80e9ce8c8bd26b679c2f

SHA256
dd1511db0f7bf3dc835c2588c1fdd1976b6977ad7babe06380c21c63540919be

SHA512
7d216a9db336322310d7a6191ebac7d80fd4fa084413d0474f42b6eff3feb1baf3e1fb24172ea8abcb67d577f4e3aea2bc68fdb112205fc7592a311a18952f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a84ae01c4289a0dbb83f5966cbbdab0e

SHA1
dc9bf6ca913b39bc16e3d7a59a03dacecba9ece7

SHA256
de0288dde73931b98f7b4c4d7d3fa589a49b22ad2a1366dda5f19b0557f1e5ba

SHA512
a12d4639c143358561dfbc53bcd15ad409bbc28eec32d9d10fe48bc553519c0d03e902ee84373155433e3b9a16cef128c46644cfe6db0ec9740532a1139c6f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e078.TMP

Filesize
204B

MD5
3b292455bc2d14dc7f75fc1145656ce1

SHA1
5ce9ed914d6399a8bf28ea2aafe49d559cb03738

SHA256
407880c557f3d6ee91000ce37f5b6c2d976aa5367aba3a8c0d11c475664836e5

SHA512
c2bff73952e899fbbcc39f349656653b465ed31a9d8574ed0768a226438167bc053d996a744232da5102a2bb82db733833c11026b967444c705be796c672bf0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4439c1b71ce4d099700608795c5f79eb

SHA1
0aa823a6f37f61ba5659b12f9c156bcc52c3b459

SHA256
7404d831c091f925da0e179232cb908226297668b3f05e190d88917e4b5a7269

SHA512
5544b7c9cd28e99329d08b19d1eab289f0fb0b698c0dfcb8517bc51a585aa3dbfabfcd5a45297563bdf58647b9455c4ff952257da2fa53c71432d7fe48294d1d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f7ab9ee7f98250eba958f9c35e120d88

SHA1
42e99fd63cbab4f984b0ddfc684198d9a2d88812

SHA256
4ff48c3947eff2950cb9dc6608e2fe69da8e228502cd6539a299df26c80e2a3e

SHA512
20787073b2abfdf88db2f17e5fa3380f4c35241cce3158ab48bcd0dbfeb34b1283d57151adeb004504797fc66efd020ac6e886ea23750f8c30d46ae6f64da45a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9f089279fe61ac83bfb7de9d935b3ef6

SHA1
9fcb9e9e1b2cabef90b69a41e50dae161c857fd2

SHA256
15f4c072f8a4bed6505d7ba984a8626514d0bc3d5b08c0fbf74de507dfa836d6

SHA512
eddaf93c84c99b64de615b78455424c3d4f2399b082a0ac37470f6890b22f3f186d796923e1161ead732242d7b51d2e9f33b83155a98d1811dd691c436ec953f

Download Submit