hxxps://anicrush[.]to

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anicrush.to

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1556	msedge.exe
1556	msedge.exe
5048	msedge.exe
5048	msedge.exe
3100	identity_helper.exe
3100	identity_helper.exe
5284	msedge.exe
5284	msedge.exe
5284	msedge.exe
5284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5236	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 4024	5048	msedge.exe	88
PID 5048 wrote to memory of 4024	5048	msedge.exe	88
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1868	5048	msedge.exe	89
PID 5048 wrote to memory of 1556	5048	msedge.exe	90
PID 5048 wrote to memory of 1556	5048	msedge.exe	90
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91
PID 5048 wrote to memory of 1056	5048	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://anicrush.to
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca4e846f8,0x7ffca4e84708,0x7ffca4e84718
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3273196641411514876,16195722587128167910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
89363ddeeb43c8ba218a45c0563532a5

SHA1
343045231ad566dbbb92ff7ccdd17d47d8373a99

SHA256
32f05bb235eb08e7d9f489240c0685bd7204650c327ab792f607c7f758da8dfd

SHA512
e465d65ad6a4f222634dd78cbb499b07eeb86a5e5c04edc1c10491af0de4d335f48c19c131e16175deda4d27e72be30e258d73a606c85fefc3996464ee45e3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
8323a6f3e47239145ec8733382e8df47

SHA1
c0224accaa24633c834bc01588de3fda367fe1df

SHA256
5032281f629a9b94c4a6963badd30624e8eda0fda12a1b83a6631f6c86e7139c

SHA512
8b65d52ae5863fef23b816f926733502e1cc930f57040568c3ee954b79a4c1991373fefe6872d137e41d5516a5e5369c330c18821df2737eb25e6f3649f125ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c52053614feabf1c6888222cf12dc05c

SHA1
eddf0c74f56ed55b690b83674e6761a5285a427f

SHA256
eb6320952d676b96124f2dbf86822d0cb2ca9566e19f003a1a0f52a736a06069

SHA512
8d2c1a98f0d5fd25c44d4668c0cb8824cb4caaca1e0bc51f4a09c5ebfcb0c8bf7b0b75d4b6926905ef55c7b2fced4b4feee62475c851accb52e5d96c62d30ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
83d50e026976fc6c07cfd39832f4d954

SHA1
6421e63e6bd86716e35fab5165d1886c9cabb037

SHA256
374c1a19f5241ac0839c4f69d5793221c452a485a92d3049a60b5a10bd46be26

SHA512
1fb00ec96aaa3b3ab0ad700c24ec4e679dd4010f50a65470fc8af8cfef64628eaa9ceb6b716b0426c41ea3e07ed5ecb060fb28ec45ecbe4a1d7477d5d2b294cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00493ea020713f449123d013e8f23560

SHA1
e216bed161fd6e1853d97d079b0d3c04098c5a95

SHA256
8bde2d15e8c86028a00caeb487293ec54b378e0734fde997cc78aca6dc3409d6

SHA512
5b5acca319ef069eaec62a7cfb4c40c5e1f4220cf314f536b25de7d0dcdddca6dee37095753744d4ee2f1f87b2eb2cc953f826932a01e9640297b17ae478bd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c531665de2461ab2e6cece23fa51a0f

SHA1
11cae604103b27689869026bc1f27b22795e3dd2

SHA256
9b61acfe80f4decd274471164eb5fc485c7821d7c179c4bdb53403e082de4328

SHA512
bf04b51fdc36563f83e90c796caccb5081fe585569b67addabe8b4bd31ce9e7ec00852462847934a52c0d751adbf2baf4737107280e9e7a29ebfccc6befbf335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e8e543be06bc60ffeefbd542da494a0

SHA1
9fd75186e5c186b2bfba78d40dcc054e1412cc6b

SHA256
72ffb9171e673a7a2e27edf174dc990e6d1aeacc3879b0fdd5a897c338867c7e

SHA512
32f69f34c59aa7c435123e7dc4eb8ae80cd9f883934c3940a0e681ed0863155bd0090022e21becd7e33042fac92a82ad0309b36be27e475e1261e71ac3b60d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9078e895cb7a9b6f80750147fbf57779

SHA1
cd6bbe0dc7a7f75e1de7101eb72562890268f30c

SHA256
8cb1f95d24905f9c6b1f1683c64dc613ed5a8d981223d8b3b00b1e0927e098dc

SHA512
8929e96da51fd42fa7a649e42861ddc9479f837d26918cc6b7e7cbd7087e97be01d1c9457466212e02490837afe7eec3c2825f368d47a3feacd47392a82487c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3462c64da29122e2a8677dd895514279

SHA1
6c0c23dd3f0a3e40b5a7e6fc6d8e07441f7a607a

SHA256
f2d507f39a8df55069bbf915b2a3bc4bc1c95c205923ca8f49b26645c4ce9676

SHA512
f559ce219a4333fe5b32a2a7a3425cae726e19d6aa00d154f3bc50b914c31558cede6e46ff7b7bc3d7c729095b9687d5b5ea925dc8f4601bda6e94b14d2fe773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9f94181f72d1fe60f548a2a64ff0185

SHA1
270846d6ac13fd6aeef22e3710f0ba0f1ca92532

SHA256
c91d20ae9f5b1b07e4a77737b120af9e33e8cb1d5cd6d12a9781b9712fbc0c83

SHA512
da1fc6bbe7fb726bd92693be96de2e5c861322a5cc454208cee1ca2ad877145c0566b69853196cb68f331dcfc4f7b7428c113b7f5beb8dbc65cf121bb0f97334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
42b43235a6134b4b6366256fda540220

SHA1
a48383e15c8fa4921e9a882abc599e2727addab0

SHA256
ea11f9b175452f48776ecad45f06f3c0e6f7abb23ea7b2c0f9685f6bfc6493f5

SHA512
ca9c504355fe694429ab40d189326770c454cf8f31295afad9901c4874678c5826fae9359bd83e7a098cabb20a17463a8b78a10487deca3c1e6ae44d33ad3d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f874.TMP

Filesize
869B

MD5
85222299b18471463c2abbdadba73f71

SHA1
1f90995fe281baa50458c35635273499bc3606af

SHA256
1e230e593cb2a26f8ffc702cf0c92ea1bb8b63943c03c4eb7a3d2916841fce21

SHA512
0b7c792478fae950ab1aec8f71da59e35b1279c97393b161a41f55df3cf3b28acf44acfd17e15d8abfe1ab553597e2274c93c15a4689e468162a4ffca0cebdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1f5ea197ce394ed117fa2e4972b17ee

SHA1
5517c55d99cf9d6898bdd0229a554c2f3549c2bd

SHA256
84eb8a96db898f14ec7de8fab5d3823cb33981cc75be145df87d483f8ab9b0c1

SHA512
4abe47f17e66cd9a3179170badd5cad1614fc4ff6b0d8f1dfa1c332e4cfa4b58d22589b6a4dfb195e9fe1a65f390a182cbb7f4609e8cc0788c5c03ad5e3ccae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e05a1d61956b08a942d98f7aa6f71134

SHA1
107a5c2c2d97ba599ff80b3d62ca16461fedf6bc

SHA256
6b3d8ba6206486c70c8b0f0105bf2743b0d882609986f409c12065d99974a676

SHA512
929fe319d95f29999f76f5a6448dc5aeef5c535c8bbb3994e3ab74ca70d4aca5a9e5bca3cb43ae273fe7d0492e0af88b51a25ca094fe0ed3869dceb757eb99af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit