hxxps://hugejuicyclick[.]offerit[.]com/tiny/GKvrp

Analysis

max time kernel
320s
max time network
328s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13/09/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hugejuicyclick.offerit.com/tiny/GKvrp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1588	msedge.exe
1588	msedge.exe
3784	msedge.exe
3784	msedge.exe
3724	msedge.exe
3724	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 3888	3784	msedge.exe	78
PID 3784 wrote to memory of 3888	3784	msedge.exe	78
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 5004	3784	msedge.exe	79
PID 3784 wrote to memory of 1588	3784	msedge.exe	80
PID 3784 wrote to memory of 1588	3784	msedge.exe	80
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81
PID 3784 wrote to memory of 4844	3784	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hugejuicyclick.offerit.com/tiny/GKvrp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff98e393cb8,0x7ff98e393cc8,0x7ff98e393cd8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2532 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11905209316485876460,1126921016804608806,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
529aed550966ef5b0e6d45d777db790a

SHA1
66e300e1a8083d743219de4d7980ed054ef0eaa8

SHA256
066800eca5b483bca0e644dc69ec23a50df1475840b5101fd95a5fdbbe7f4beb

SHA512
429c16b6f1f0e5e00696897b0f45ae1a8396e9748ccfc85c1016161097279614c4ebafe262a64a798f2017488a6da1f67e3b13e7a7f77aac0324ac7ea0816e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
794a18a1fc709e630f01b102cadf9463

SHA1
a42977b5b0eeef44fd7d746c877efd06ad929953

SHA256
3a72ec7f1ac498bf143b1aefb5a072c482501da23456a6495f41b7e8eb06023c

SHA512
adc5d4bf8ba4640bf8c28b92cae7165fd8ebe28be215a3d3c53bf767d06852865101b956ad064ab00f53477a2b11390bd29a866d4e5cd232f1214c7ee5f9f793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
62155c559afc9c00d0bd4cb0327698c5

SHA1
9d1d5523edfa7ee07a39c095a82046a25aaf73dd

SHA256
90867dcab352dbe9dae1d192ac5240ba9cd8043768e0635a2b6d2be52dd8ee74

SHA512
6b9c46388aa13f1e57c4eb3467b8713ecb1c20b0f738c116aedc2d96e9fd7ba990d513128ee3ce15ec656e2908ec2c1f5d7f64f5f8a8ab7e064e7635fba43507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7d53ef9a20b08f16e8267a43353c6ca6

SHA1
bde230f18ec84662345b6b56e91f989d1205e3b1

SHA256
aca9f3836b9a7fb8955bc5fef686c58e7e1d7a7bebd73476dc66e4186f52409d

SHA512
d4e285ab08cc9dd0f8b12ba8f4bfbd25158c5fcfae09c7b9b595f480ca35bc785ed06d026216edf0db9f706cc42969b8725b5231d45b86a4923126473bd9af00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
939d8cc37604092ee2cea7ff01852e34

SHA1
58d441ff7fbcae52c0748c463a498c02acb453d7

SHA256
41bbd84b4119f1063c5a747f10d3fad530f2ea15e4c15031f56333e2b924e446

SHA512
752db62cc4e7fe9232aa0ca0a01515e5634b91b6d0597aaa8cccecf38269b332d20f8d6f664f71c1f17a897caab0b4e95e8a9aa4ca9f58bfa80bec89e79166b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9f8e39b935fb815019b5062aa3d3451

SHA1
83de96bb88781b6f5255884a520fd42a7e0c8be8

SHA256
f4b7fcbf638d78ea7a51047cabbfd1c55eb5d5e80f4e7bb5aa264315931e8cba

SHA512
0a8d0bb6e373c3c2230cfea12851c017a68d5c38b568ff908e4b08988b1c2e72b905e7ee331821ee970c4bdd9ece1708683b7c5c6dc83b66d0c307fa539cb493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6c30211302b38636f288a591872e4994

SHA1
b896e5782ad7dc13efbb20b48da37ad83ca7c52d

SHA256
44f39fa27445bbbb442cdeb8798039872eff2a2494ff097edf703d32df4487a2

SHA512
4e708986fd476145f9fe60a7344ce851a5192608b8ff5b76afe8fab9336ded92f3639c7ffe2c3dfff6b07834d25a5ea3a7f7787b4ae957800082533c03cfa5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68be6c1352292f2a2e32d8f6fce7255b

SHA1
d02cdc8cebea95135d99656f93f76e884b7396de

SHA256
799179de0d5cebcbf0fdc52a72663b900eb2d139322001177123219de9e26126

SHA512
a0fea44270537a91c6e2d604fa2e5b7738f1bff997fb6bdc9320d237501fcd73d34aa09b7cc648f4406801384e027c505864a79b545f62ad929820796cec9084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2fdad360a88ce2190ea79a3122d65d3a

SHA1
2025f8820b0186ba4805a383d057708d835f1ed3

SHA256
5cfd7ce62a87be752dab827d8863c47c068f84a8e9aab343119406ad7603befc

SHA512
ddbaed9b34345b9c053bcf7f4d6bf6073771ae415a0222c905c703fdf20562bd7cacc6bbdcf44dd1353d1ceeba30810049219495892d7644384ade43c69553ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dd9890014054b42884d0c9e50a128cbb

SHA1
b60e0023d5574b86274c5f327d8a5da3f4791e1b

SHA256
56fe3530bc93f7fad5babe60bde246410dde7a92aa9ffe0ee0d71f48b10e08c2

SHA512
50c8c9a4df1f776e7ee7a12580532467bac0ee29f52b514a357e775f00c60d9aae2d0074581da1f8aebd36012adaf68c815ceba7ed88a09fc451b334e3a08bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7841d1f1e157f5e816cb5f6dc5627be9

SHA1
3f6fb3a1543c19598ece199ab152d58316684878

SHA256
cd3ba01d1c2164ca91bb6eefc657b794b033cb0b8e30e48f47a4e0bdd12c1b99

SHA512
2b9aecb6d106b0cf486092b5381c3ed403dc9fb70519d952d86c5818b89e33cd0abecfa027a00878f684e817f51592b3f7627fbae3a241ce07c76354630c8ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eecded376efe2d2d0bedc4478540b951

SHA1
f7298d12ebe012082fed78776a34e89d2ece55ba

SHA256
2278e7fb03b859f7b0f387833097245da32a0ba3a4c0f27fc3d9066b5f4a9237

SHA512
270d8405754db29891a26f66fc85f2e9490bdd4c389f0f093e7cbb94311356556787ce0b4dbbf7b864ecf15a8a86532d583c0bf148fcd592973ccda81284b0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
5354715269883fca30dd6fde95a9f029

SHA1
19cc2bbc749db5cf16eb987e66a14efd141ae0a4

SHA256
3b241b940000b37a11c6782ce23cf1d1b3c8c37320fd6948a42e321989044c19

SHA512
dc1e8aea259c16e82e728c94b5505b0a5466d36023688465100778ed8c7efdaaef5a5dfc0ad8bb630d3ecd3c4022bc36fb8f868844d7e83a0c83c4b9d61a8bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f98928430e35693894a5810e4212798

SHA1
e5e65a3494675360d5070ae56720b29cfdfffde7

SHA256
d1883dc8063ff5ac682940f237e4f51c0316c4a0c5da7a5bd3969a112fc5f78c

SHA512
c10d19fbec5416aa54020a52b7923df38f516d93fdf59ea2e40344dfdad80bb1ebd75b69b747092f16f61f98f3e907ea002d5382c2d7ca2aa6aad65c3f0e2e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edc6e3adf0d8e9d43b37b860ca075b86

SHA1
32a262e58c49c8b6e9c8817a946fc038e3881b58

SHA256
36f927af73114c97e94040577d55d7dd991e4de32bc41f602730d2aab37983ef

SHA512
64e901547e137ad302b07271fa8937cbf3204072af47281709e54c708f3043b10f79fca90af8d38ea2b61f2ace38d10cdda61e7077d191808aa7915ab68357ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c9919eccfdc01dcb2a5bc20db9810866

SHA1
7fb07fad01c407f4ae11944dc2215120f48f256f

SHA256
3a378a3ccd85f48754cd033f26b696ab30f6012c8098246f6e08a97e649f626c

SHA512
a33abafc8b3287270338cc3c220a4c9223f16682163d21fa49c9cc53d2a9b21ec8d50bd8f064514e6fff1309cb55efbbac010748f0862f139a7bc89cab9e3ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
199f383bb6dfc39f85fa45146c78faf6

SHA1
bb0591c97a539110b6b14ced5a109579c32738b7

SHA256
f11eb5d85c6507223c869b34e265cf0fc0ba91b12a1fc4cbb20d565ed350d92a

SHA512
ce043c81d4d00bfdd5bf2881f7197bfccacb04d91b53e3f2a8c36049aa944e26e14b9ef63d855c20939b59190fb98272426ad88ceadc967486442db0b8be971f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580644.TMP

Filesize
874B

MD5
0d2ae95109e6c402cb75b8c85e27816e

SHA1
b2943333679e2beaac959293a6f6e4fbacc4093f

SHA256
bb4d0bdff6c81855619490c780420d5a0c408859c1dca2fbccd8e7ab977a7d99

SHA512
c668806672419f3b520b8bcd2437710fd30252d4a695e9ffd1d0cca4d10b780dc55046eeb7891adf847a6e787b31d038dc53bda20616e8d297b79c692ba89d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c686a515-451b-488b-be5b-e796c1be2e67.tmp

Filesize
10KB

MD5
cbe9a2088f70b5e0073f8da2507da392

SHA1
d6121831e75ba728bcd48462d8e85225503c772d

SHA256
2347e7e029a176e475c121e8d0251fdbe1cdd16f69e115f66885aba8afdc64f1

SHA512
5ef245f6ff431e53f4ff4516f6f488b9099615f19ad2462838df46c2e21e66f4d5632de588411a44aaec93c71de3cff3a173573293ca0d2e93eda66ab1e883dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit