Analysis
-
max time kernel
149s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
08-05-2024 01:29
Static task
static1
URLScan task
urlscan1
Malware Config
Signatures
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow ioc 21 https://try.abtasty.com/cross-domain-iframe.html -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 2648 msedge.exe 2648 msedge.exe 1304 msedge.exe 1304 msedge.exe 636 identity_helper.exe 636 identity_helper.exe 5880 msedge.exe 5880 msedge.exe 5880 msedge.exe 5880 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
Processes:
msedge.exepid process 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe 1304 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1304 wrote to memory of 4016 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4016 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 4156 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 2648 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 2648 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe PID 1304 wrote to memory of 744 1304 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://openvpn.net1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1304 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecda146f8,0x7ffecda14708,0x7ffecda147182⤵PID:4016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵PID:4156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2648 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:82⤵PID:744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:12⤵PID:4916
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵PID:4808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵PID:3460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:1824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵PID:1364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:12⤵PID:3484
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵PID:4560
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:636 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵PID:640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵PID:4884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵PID:1612
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵PID:4288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5579372034742798395,609726649983142872,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5880
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3060
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3836
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416Filesize
230B
MD53131849ac52990e369172536efa366d8
SHA10613e102c7566672eccfc54fee50810e37c40e8b
SHA2563f0a1adc7688c243fb3812207f6683d481c2448e093f7469a32a9f6dcc1baec6
SHA51285b48bf9e767dba9e878679650edc33b7e004ac4a95209ee05f557c41fd9ee7f13ca68ab2d168584ebd2d7bc5c106f7f186dfcdbed3f4e34baea59a5580f96d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54e96ed67859d0bafd47d805a71041f49
SHA17806c54ae29a6c8d01dcbc78e5525ddde321b16b
SHA256bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
SHA512432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51cbd0e9a14155b7f5d4f542d09a83153
SHA127a442a921921d69743a8e4b76ff0b66016c4b76
SHA256243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
SHA51217e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\24c9d572-fc8c-4d6d-b18d-2e91f15bc6f4.tmpFilesize
7KB
MD5998bba7333541b2326381234c6db7b60
SHA1d9cbbf2d4183277730a169fc1b2714bc84197ca7
SHA25685de47b25be2628ca99d885bcf69a15056793df63a2b6ecfdd0cb534124379e5
SHA512d55bd7b61d45a494ec422950b23f5f570e12d89b9d19ee47ce2d496d21fb1e67b7c4950f86aa3f650a15f86d7f07ce3553c9e9ac376393e9d8eb877ac01f784c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
936B
MD583a8479baf5b40bed3974f0d24466edb
SHA1d3c8f7851f4abb4ac893dbb01bd50d9bcc28b760
SHA256422d04137df5ced121cf00b580c3e87b82fc8c4651b8b834dd25682bcefcd1fc
SHA5121c19f6431af0808d15e40371feea18c6de08b2f397c8ed1618c4aa3a97f314d42079f60f9d62f9736555a44768425a720bf2bbe3a31b80bdec487a58314dc27b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5a884dd805d815819fb98980f9d08b997
SHA129726cd778cf41ff0db58f9a8521c694f1969dc4
SHA256102d114ecb0fd2cfc79732e7b890ca2e2e064e03cacdc60f522b23e7036a7cff
SHA512aae9946152511441637515dc50d23d3c60d41e57dac19ccb7170b0d987309b01858e777ca700aebd18a524e5f92ed6229f28eb26119c4deccfb4cb6ea8a915d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD56c1ce2670916059fb19dd03e02656908
SHA1ea54ce105d4eaef4fab0103ca6e18687d06c03da
SHA25608585195f8c66daab85d9350ade43f01de93956c86777f7023b07c48d709fba3
SHA5124399635b3fdc85679ba12500db7189c41c84c6b9b0ddba39a5b3f7c042ed2536260fd57f747e9801d8572dbfc6851c47cf7c4a30876e75874f734eb78ef12470
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\20aea10a-c471-49b9-a6ea-90dcc984c57c\index-dir\the-real-indexFilesize
120B
MD55ef45b894de28e0abdac85efb0f615d5
SHA163bb220f9f71bcd787921a3b031c0c6e1ee600f8
SHA256dc2e9aa01f5ea3661400816568193b1aeb42e26c4d8330f5d033ee501cfb4b66
SHA512357deaacd66017506a26976f87555586b9a36a3317e4a575bb13f1e2b6e65f5933fd50067a2a226c4adef601c78d14c0a5c5ca2bdbfec87615e10986c7662883
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\20aea10a-c471-49b9-a6ea-90dcc984c57c\index-dir\the-real-index~RFe57a9fb.TMPFilesize
48B
MD5ae669e6a91f5a99a124ef30532f8fa17
SHA1cd22c630cdc2239fa89e6d0706c6160bf6c6c738
SHA2568b67bbd87a64c0f880a4dd31f4d29dedde86bb9f363b82618a955691b4851a25
SHA512302a9707d9a739db15fd7b710657873a6fee4480373e7e1d3d700998f4cf9f1ee8d0d08b48cb7dbaa5cfe271075ab0f75ce415d9ac1efbb77f188ee667eaf33d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txtFilesize
94B
MD5f6dfbe3e1b6896ee31b6f73175f628db
SHA1718b3236085e951ea87524604c3937123c1ac1a8
SHA25658683099c6c6ea31195dd315e6bb46dd1afd037157f72372d4bc5aeb2361c293
SHA51280cdacb6d677c73218704e1182ff4695a2d05613eb37a18bd7a407067ea01135eb358292acb0fcc7399a179d34b40fa8f783b6f662e5cf82d1583e14353ce1fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c873a2463adba20c0ca18252925970bdb41c9325\index.txtFilesize
88B
MD5189cba9bc83e9b7954352ae9e71e5dac
SHA13faf62e36edbd04756008d59b80a501beee808b1
SHA256bae97c7082ba651c93a5920b8d3ed657826e47f05e40e2512fc6a13fe295651a
SHA5125003cbdf0ca4d8c1bf47a9ef298ce9d1b4a980e02915b39284da82ce823874e30d989bcba28b9ac9128de1ceb77059e2b15d8ee4e408e4be2606d49caffe4001
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5d49b3ca4fc5a4377656ade8764649af7
SHA1d3478ad4e4d60ab74cda044c1d5dfe8f8a089a08
SHA256008c509001cce76cac25f157827e1e9d40a85fb91b1275daaebb31b64e0af54e
SHA5127075fabfa55dee99a147d48bbea976e149182645c5bf14bcead70df6868f6aa071150dbf8e7448e13da4ce506a3e155c101c072989185bc8861211588f106788
-
\??\pipe\LOCAL\crashpad_1304_SFBSBQLRGVAKBOELMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e