hxxp://chriseric1[.]github[.]io/login

Analysis

max time kernel
291s
max time network
293s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 16:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://chriseric1.github.io/login

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

31 discord.com
30 discord.com

flow	ioc
31	discord.com
30	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{705BA095-478A-4C9F-8636-5BBE113BB9AD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1852	msedge.exe
1852	msedge.exe
3588	msedge.exe
3588	msedge.exe
1804	msedge.exe
1804	msedge.exe
2032	identity_helper.exe
2032	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe
2340	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3588 msedge.exe
3588 msedge.exe
3588 msedge.exe
3588 msedge.exe
3588 msedge.exe
3588 msedge.exe
3588 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe
3588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3588 wrote to memory of 4152	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 4152	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 3156	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1852	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1852	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe
PID 3588 wrote to memory of 1936	3588	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://chriseric1.github.io/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb16546f8,0x7ffcb1654708,0x7ffcb1654718
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
2⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5300 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
2⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
2⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
2⤵
PID:688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4964 /prefetch:8
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15295505136639257161,2681776767233584836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4288 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
c3fa9f583490c14ad5225f535a17bd1c

SHA1
c1008ff810d7e6986fa492136b49c6ceffca1c70

SHA256
8dd32fd9379bfefbf3f34a0583b87c8c2ad70e188dfd07d99e863828394c57b6

SHA512
2e8effd94d71cd29a0c88224b1df2738fcad0b521e3c0c0b7317421bbc64fe06af813ee126303f8180052921c3b903b2149d8c27adb7df5330c9cc6dcf9db7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
257B

MD5
2f589d1053546da35285717c3e80eb8d

SHA1
5410a12cfc7d2633e31005ede901f48e49e1b2ad

SHA256
4ddfc02528d14f207948db1811a9d776ec0142de70ad156d576833c58d4dfb17

SHA512
17460edf5149c7d6c695a5780f1ca0cf6172137f8f529ecb66996e8db0da22fad505f5e1d18799d5822faaba1ba37458d7cffb81c2c0c25b5ef8d921628cb614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1c2d11eb08bf8fcb9775891fecf10338

SHA1
e12bdcb949fd90e748b7f51bcd7c32906130f064

SHA256
3ec03d73e571953c07c247b2523ca27331a1dc8822172a83058ab1bbcc9f832d

SHA512
547120c15fe4768da7a937d9f9edf3095bfd534448441cfcecb48b876216c6f44bf4a91a38f6bbb021ae7857fdae27fe98d4f04cbf3697b4c71a4c5019aa15d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
48314ea94ef7492f31ace74007183650

SHA1
60dc01f295f62000be0745ae45a0bbc8120ac2ef

SHA256
f809e0bbfbbb59277aef7fa87cdd5a94ce4ed9f5af844445e1c3ac6f40e4a0aa

SHA512
25f74bc7f8577297891c4b7cfcd23c191dc33c99eadaaea1df988fc5775746316bba0ffcdf06cd9bdf5a2bac67c17a5feb0a096cd0c2fb375ade95501adb4aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
178624e35990090a1b6352ce643d26fa

SHA1
edb1540800f4f538e33d7c1fb5d2532830b8c602

SHA256
30ad1cb6e272ee1571e7ca247a390da36fd2753d803315ce1dd1ea4ce5a9f9d8

SHA512
3e8f86cb5fcaf461c411b2cf7c2d656d40392428b0c3e3d38a8d5d2d499e0531538fe0c281d5da38c68f2ba2babef0ce66cf36fbfd8714ca7c3c8b0cca57ac5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
69a1d7d49357405c7427100a65eb3cd8

SHA1
8a4d0f4ae473130c275c7ce7ebe89f665d736544

SHA256
02fce1ceb655141999b0749d5c6bfa2aa6d3b083b7bae26259aa221312e669f5

SHA512
6ee101a329de916e0860e7b79f88afe53e6cfb49942f5e052f099ccef1cf1ae38185ce18f975928ca89805a851a4f5783183d1054b9f4f564d40f89e8e17f501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
873934211053e95c37251975f611824d

SHA1
3511e76a83b78237a14039d9e2a8297da4a80f9f

SHA256
e8c8fe8d6a6d907867f4f1a9ace0604f03d801269ef9e3d4ab51165bbe540c1c

SHA512
74453c89e7421dc96b772ff34de0cf2a7a1ddd20371ac97f057bfe11a471981be1d8823d42d22c9c9c2028e699931dba72c2f8381d17638ed02fcde84e31b285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
2156de0d3101dcab6bae7b7477e2dc11

SHA1
5518f0fb16caa2d8d9843fc233be04e06c6eab70

SHA256
456ed91c0e3d1726bc7e33b704ac8220ea6bf0c6a7c6e1a65b0b22d18c440377

SHA512
b553c29fdb7332e8686626937befaa15464c5e323691ff96fefe657b4285542a016b6bd1da4388d51cd26bf0e28eaf42a213124e6b8c38bc82d58f269ebb9c53

Download Submit
\??\pipe\LOCAL\crashpad_3588_OSYPEBIDDPPINTLM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit