hxxps://2yCD[.]hanytimin[.]ru/gHncp/

Analysis

max time kernel
1681s
max time network
1686s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17/12/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://2yCD.hanytimin.ru/gHncp/

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\fa377a2c-3378-4c81-b2cd-ed6432d4ac29.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241217171916.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3052	msedge.exe
3052	msedge.exe
4836	identity_helper.exe
4836	identity_helper.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe
3052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 640	3052	msedge.exe	80
PID 3052 wrote to memory of 640	3052	msedge.exe	80
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 4844	3052	msedge.exe	81
PID 3052 wrote to memory of 3260	3052	msedge.exe	82
PID 3052 wrote to memory of 3260	3052	msedge.exe	82
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83
PID 3052 wrote to memory of 4364	3052	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://2yCD.hanytimin.ru/gHncp/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x40,0x130,0x7fff605946f8,0x7fff60594708,0x7fff60594718
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff622285460,0x7ff622285470,0x7ff622285480
    3⤵
    PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=900 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10658090400406597878,12476315922550554247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d57a449c855203411a38d5ae80bc24c

SHA1
b361032efa556fc4557bbad595ce89c4b0c13dba

SHA256
bb59bab10e406cd91bdfe4fc0e8ce2817a6ca32fc731ccb3f90b6b79c1a46c21

SHA512
8d4244dc9c0e9518cd71aacaa54d43c1e2d74519e3e692160b2b040d00aac25c4ba7a5705391e50957d46c8c711dc07604effea3bc06c8956ecf717f61008da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
77fe0ce7e1f9c9ec2f198ad2536bf753

SHA1
2a366472f227a24f3c0fba0af544676ea58438d7

SHA256
c69ca7653724e1e9e52518de8f4f030813e1431223d5b6ad3270531d8df89f00

SHA512
e8d4e17b93fb19364eeeffc5b1016fdbe566a8b8d702005291ff263367840b8ccc76290d8a3ad457d40fb5d1c2204bdaa5acba9374236c77935ebb0fe597a095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
6741b95fb52966595cb8f7e6a2a00a7f

SHA1
43b773054544f3e0c5bf0fb84795a48aa4ae0fcc

SHA256
14fdd82821247e97d1a6ed4207e5294897f586fc9f388d70ae2cc92f071d74d7

SHA512
64d29d608b6a2d81b20819f8973dacf247ae0cbe554d1670b88ac9452c0eb2b5908e844b0c91a0c794401e9d542b17a264b5b30cee10faca85e2b219b03a3807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
fe1585929b2cb4d6a73bc05ad6022f44

SHA1
f9219f7a14fe665c550704a7831cf88669549863

SHA256
b5a16cfa3f6c5ea019212a17c6853e57e2589944a3d773be453bffd88c8438e2

SHA512
e5cd0521d816b77601d0f61d564792b17bc7bfce3f1626c73bbbcb8064ee9bf53700b8daf5bec1f77cd4b4e70fe9fe12b035a7f863ca9a1ed9051b60c191f41e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
dc411a5d56cc8f16d76f2c15bb511cfd

SHA1
5ae03dae07f8d381888a1a11b9caf947c6129d20

SHA256
57166ebb2addb8e39f66767f0dd153f3c1e410b28e5cce29ba028a4b92447fa7

SHA512
9c2aa649f0621d377f40c60b625f44ef622e83640e3ab929ee4bb68b6012c977683b27c5691d4c5431cd368d143bd383519448a7d2b541a05da91d0a81834df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d9fda814306edc0466ca4843ef9b5c3

SHA1
15d39c5946ebe09f80ca0453e0cc9e6ea64712ee

SHA256
b7248f2f4ac5cf2e79f7b671a4ce1a6aade38d27bbb5f9845daaaddef7c2a1e6

SHA512
0e33fcf252e46ffa71337361ea08bce268a67f96f5b6c26cc03b3d17fb0274ce0ee033cc6e2a31ad9d7a871c2e0cedd4acfde9ec9250019e14d02d53168e6c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
709B

MD5
e0fc51a795d767767074005d98818c1b

SHA1
87b60480b6901898dd69ae9be0213c700946afef

SHA256
c2d5bfa3e47cba1a2deca2a67cce1683cbc2d3b73e935a9d30c9f8ad44936256

SHA512
ea5513c3488ab9e82e5f3bf3c4e4ec4bc12a970c84946f01176e537f056b8499baa5392d5b7b0fbef9052ab03601f1e4a8e1fb49b71fa85d3ddb3e7e2725970d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58a572.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
33eee6855046119cc3ff23eabd89936a

SHA1
d169d587cd35a01e33626b72e0a5f9f71a7d0974

SHA256
84c68a65befe4afaa3fde691c858069ebd2f68463e6ab7ee660fb4462c1a76f3

SHA512
cad43691d60f1cbf5bf9096a57d15078a9b5a6711c15f69d2c6a7920a10eb7b28726c6ea6ef64521487f7d3859ae5c6129d69bc3526ecfe628783496395e42d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43486b828c3de57b3305f335425dc265

SHA1
40d9cf87fdb65967fce2799f85759c8c3ad0b7c7

SHA256
315caf0e141cc54bbeba36ba78060839283d200d92723eda3b0dcb48d8d3d574

SHA512
727cda8d73ef7780dc7048fede84adfe00be5a9871bdb8d962246c058c0891bc1a327bc17bf55e60d077a7b03ecaf39585da970475fa5eec5d89eac77e44734b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2947e4867c4ac2f590eb8ee792b9a3c9

SHA1
4d4a8243b0d77840d80178cedb824573c7d710a3

SHA256
8f22d5c616b2955adfaf500c7ea86ce3a34966ddc26a9d7e0ce84d40c59468b4

SHA512
b6c333a32ab2f2980dccf8411efde7aabe4860bdbe1a4530d419ad11e9a9dc6f7cec7b4c159390b4012ce42f1ab95c6e52ad19d4b61b9aa506b9ef5449dc90ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef322d69045f1e0cfec3970cae65970d

SHA1
f92fb0f00195cd23a9c57f7c710b9463482f1acf

SHA256
76e40efcadc34f48b5b37177ac1554593af8b5a14ac4860c1d9e605e0688779d

SHA512
ab511b17abe515a629b9c45a7967324302896646b59d39d993d322500b2da7e08c70db4d712979093d724551041f1d88e6a458e4b11f435e1ad39f3ed471459f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9b2345e425acf05ffaa1dee20d4fdbe7

SHA1
aecf86c5a5d24b77aea68f6bc99e7f42c9048bc3

SHA256
1eb6cc0eab0b222c1111dba69db74281366b9f5dc9f8707ff215b09155c58d14

SHA512
647fc97d693b709ef3b0877b6de1d4f9f4e1085d35b809d27360ede1be52b37f9a967fb80ce43be35d60b52409c7e4036376d7d931c96f0660a2eeffa58a8208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
77006dacd174a80aa9b867f95d5df337

SHA1
7078db638c72ee5cf4ede7911e4421cc4ae103c7

SHA256
5e22af33da2ed3f3197d9c899a8fec5e2716b54be019c484cd59960da8f143d9

SHA512
e8268ed24af38eaebda4cd864e5580ed1bb63e3e4b72a27fe3404baeb7c8c944a7e79282712ac9d0b33f0123654dedb1984633d6ae2a5b412d6536e2b0389bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d89b78d1e7505dc66bd74a48acc64e84

SHA1
0c7ebc34bb784c516610aa2cc6d4ce000a50c04d

SHA256
c45e74a42a58a67d65e1944c4f112aee43088ec33215636c7a86be70bef90781

SHA512
de592e441396bd969b9aa138b3b09f68fbca5cb36d179e90805e65ef276946384047d84260f5fab65cc1b80c63f67045d008adf2d528d7c9b8cf4931d34fe54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59161e.TMP

Filesize
204B

MD5
02381832d4cf3071df214362c8331751

SHA1
92aa6c695c60158fe010b1d2dfe0ff1f5fc9aeb2

SHA256
2e36ab0bb6dc46f1bc422269c0d59f6f2a0196e1a552aea5d33f665567592e99

SHA512
400322622f883f0d6a1c20d348bf59c7d3a5716d6869c42c85f5be0502ed5b799bb92d77aac80f01c1ffd83bcdbb3abe83d4958371ddc86b25e0d0e79ee9a0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3b7c7906bff913e5f1eb247cc86ff45b

SHA1
a9240019a0be914d7dd190188130979d2a8339f2

SHA256
e3e0e92b0d9239e12fadca7935907121da020cc5359d3658bc7bbff5f86ec4da

SHA512
26ed3e45f34bc98b83188dcf2ffd272d05d93102ad8173de0088d5906ce63442a1d1271e615d1761e563b1c1171a7f852901f7082d48a0de7c34a1347768af71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
484e2dec1a4e1ffbeeb84af2218d7e38

SHA1
12f3ae80fa327856fce16c458ca9266dd07432d1

SHA256
b2caeef45434636eea7ebdea8931199cb99c9e81ed0c158d879e9c76a55948cd

SHA512
761920caede15c39f34e0acfc8ae7f4441ea7b56eacff2d53ac09461fcb3f72dfef13ff08ba4c128f18446e038950950ff95f6f8df5ffb2dc9bb014d9f23234e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
04afed62768ffa7ea2d41ff93216477b

SHA1
ed6a2b5a3456b0b7caa9c8000b690245d0b6710b

SHA256
f7cb098d5595445cf4f3dfa41dd5213a27ea0cf275333b025951cd6f622094cc

SHA512
fed58736789bbe56ae803db0726d1076207e4f8131cc5c7edff37681823612296abf147786b65a3e569453caf3fc194a73cf1fdf471f2424984c51af0367c094

Download Submit