hxxps://openvpn[.]net

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://openvpn.net

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

21 https://try.abtasty.com/cross-domain-iframe.html

flow	ioc
21	https://try.abtasty.com/cross-domain-iframe.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2648 msedge.exe
2648 msedge.exe
1304 msedge.exe
1304 msedge.exe
636 identity_helper.exe
636 identity_helper.exe
5880 msedge.exe
5880 msedge.exe
5880 msedge.exe
5880 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe
1304 msedge.exe

pid	process
2648	msedge.exe
2648	msedge.exe
1304	msedge.exe
1304	msedge.exe
636	identity_helper.exe
636	identity_helper.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe
1304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1304 wrote to memory of 4016	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4016	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 4156	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 2648	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 2648	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe
PID 1304 wrote to memory of 744	1304	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://openvpn.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecda146f8,0x7ffecda14708,0x7ffecda14718
2⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:3484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
3131849ac52990e369172536efa366d8

SHA1
0613e102c7566672eccfc54fee50810e37c40e8b

SHA256
3f0a1adc7688c243fb3812207f6683d481c2448e093f7469a32a9f6dcc1baec6

SHA512
85b48bf9e767dba9e878679650edc33b7e004ac4a95209ee05f557c41fd9ee7f13ca68ab2d168584ebd2d7bc5c106f7f186dfcdbed3f4e34baea59a5580f96d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\24c9d572-fc8c-4d6d-b18d-2e91f15bc6f4.tmp
Filesize
7KB

MD5
998bba7333541b2326381234c6db7b60

SHA1
d9cbbf2d4183277730a169fc1b2714bc84197ca7

SHA256
85de47b25be2628ca99d885bcf69a15056793df63a2b6ecfdd0cb534124379e5

SHA512
d55bd7b61d45a494ec422950b23f5f570e12d89b9d19ee47ce2d496d21fb1e67b7c4950f86aa3f650a15f86d7f07ce3553c9e9ac376393e9d8eb877ac01f784c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
936B

MD5
83a8479baf5b40bed3974f0d24466edb

SHA1
d3c8f7851f4abb4ac893dbb01bd50d9bcc28b760

SHA256
422d04137df5ced121cf00b580c3e87b82fc8c4651b8b834dd25682bcefcd1fc

SHA512
1c19f6431af0808d15e40371feea18c6de08b2f397c8ed1618c4aa3a97f314d42079f60f9d62f9736555a44768425a720bf2bbe3a31b80bdec487a58314dc27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
a884dd805d815819fb98980f9d08b997

SHA1
29726cd778cf41ff0db58f9a8521c694f1969dc4

SHA256
102d114ecb0fd2cfc79732e7b890ca2e2e064e03cacdc60f522b23e7036a7cff

SHA512
aae9946152511441637515dc50d23d3c60d41e57dac19ccb7170b0d987309b01858e777ca700aebd18a524e5f92ed6229f28eb26119c4deccfb4cb6ea8a915d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6c1ce2670916059fb19dd03e02656908

SHA1
ea54ce105d4eaef4fab0103ca6e18687d06c03da

SHA256
08585195f8c66daab85d9350ade43f01de93956c86777f7023b07c48d709fba3

SHA512
4399635b3fdc85679ba12500db7189c41c84c6b9b0ddba39a5b3f7c042ed2536260fd57f747e9801d8572dbfc6851c47cf7c4a30876e75874f734eb78ef12470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\20aea10a-c471-49b9-a6ea-90dcc984c57c\index-dir\the-real-index
Filesize
120B

MD5
5ef45b894de28e0abdac85efb0f615d5

SHA1
63bb220f9f71bcd787921a3b031c0c6e1ee600f8

SHA256
dc2e9aa01f5ea3661400816568193b1aeb42e26c4d8330f5d033ee501cfb4b66

SHA512
357deaacd66017506a26976f87555586b9a36a3317e4a575bb13f1e2b6e65f5933fd50067a2a226c4adef601c78d14c0a5c5ca2bdbfec87615e10986c7662883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\20aea10a-c471-49b9-a6ea-90dcc984c57c\index-dir\the-real-index~RFe57a9fb.TMP
Filesize
48B

MD5
ae669e6a91f5a99a124ef30532f8fa17

SHA1
cd22c630cdc2239fa89e6d0706c6160bf6c6c738

SHA256
8b67bbd87a64c0f880a4dd31f4d29dedde86bb9f363b82618a955691b4851a25

SHA512
302a9707d9a739db15fd7b710657873a6fee4480373e7e1d3d700998f4cf9f1ee8d0d08b48cb7dbaa5cfe271075ab0f75ce415d9ac1efbb77f188ee667eaf33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txt
Filesize
94B

MD5
f6dfbe3e1b6896ee31b6f73175f628db

SHA1
718b3236085e951ea87524604c3937123c1ac1a8

SHA256
58683099c6c6ea31195dd315e6bb46dd1afd037157f72372d4bc5aeb2361c293

SHA512
80cdacb6d677c73218704e1182ff4695a2d05613eb37a18bd7a407067ea01135eb358292acb0fcc7399a179d34b40fa8f783b6f662e5cf82d1583e14353ce1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txt
Filesize
88B

MD5
189cba9bc83e9b7954352ae9e71e5dac

SHA1
3faf62e36edbd04756008d59b80a501beee808b1

SHA256
bae97c7082ba651c93a5920b8d3ed657826e47f05e40e2512fc6a13fe295651a

SHA512
5003cbdf0ca4d8c1bf47a9ef298ce9d1b4a980e02915b39284da82ce823874e30d989bcba28b9ac9128de1ceb77059e2b15d8ee4e408e4be2606d49caffe4001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d49b3ca4fc5a4377656ade8764649af7

SHA1
d3478ad4e4d60ab74cda044c1d5dfe8f8a089a08

SHA256
008c509001cce76cac25f157827e1e9d40a85fb91b1275daaebb31b64e0af54e

SHA512
7075fabfa55dee99a147d48bbea976e149182645c5bf14bcead70df6868f6aa071150dbf8e7448e13da4ce506a3e155c101c072989185bc8861211588f106788

Download Submit
\??\pipe\LOCAL\crashpad_1304_SFBSBQLRGVAKBOEL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit