Analysis
- max time kernel: 291s
- max time network: 293s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20-02-2024 16:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://chriseric1.github.io/login
Resource: win10v2004-20231215-en
General
- Target: http://chriseric1.github.io/login
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{705BA095-478A-4C9F-8636-5BBE113BB9AD} | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes: msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
pid | process
1852 | msedge.exe
3588 | msedge.exe
1804 | msedge.exe
2032 | identity_helper.exe
2340 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes: msedge.exe
pid | process
3588 | msedge.exe
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
3588 | msedge.exe
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
3588 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 3588 wrote to memory of 4152 | 3588 | msedge.exe | msedge.exe
PID 3588 wrote to memory of 3156 | 3588 | msedge.exe | msedge.exe
PID 3588 wrote to memory of 1852 | 3588 | msedge.exe | msedge.exe
PID 3588 wrote to memory of 1936 | 3588 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://chriseric1.github.io/login
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb16546f8,0x7ffcb1654708,0x7ffcb1654718
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5300 /prefetch:8
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4964 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree level 2)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4288 /prefetch:2
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exe (tree level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe (tree level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 257B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_3588_OSYPEBIDDPPINTLM