9c77ee1c0bd7e8863e127bcb0bfa6ecf78d8c8d3fc7a5da0694d77064d6c691d

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6845da5fa0c65eb1689238272e49477c_JaffaCakes118.html
Size

12KB
MD5

6845da5fa0c65eb1689238272e49477c
SHA1

e0c63b9451a57bb813459301fa44f98fe20c8886
SHA256

9c77ee1c0bd7e8863e127bcb0bfa6ecf78d8c8d3fc7a5da0694d77064d6c691d
SHA512

109cc7f7f3ad2a689460df8b762228bc2b8b21bda015587a8f878c54701d4b1c266c461494889f446224d4de157de28ada783ce1e23690ceab846dee85df5bca
SSDEEP

384:jta7nZvVuZzvouqq7x9QxzJ00/+M3mp24fgRzTfMMg8:qntVaTorq77QxzJ00/+M3mp24wz48

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3028	msedge.exe
3028	msedge.exe
3348	msedge.exe
3348	msedge.exe
5012	identity_helper.exe
5012	identity_helper.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe
4088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe
3348 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3348 wrote to memory of 1356	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1356	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1556	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 3028	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 3028	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe
PID 3348 wrote to memory of 1580	3348	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6845da5fa0c65eb1689238272e49477c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff246f8,0x7ffceff24708,0x7ffceff24718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9104917973693037205,17350928203543258858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7df07492c6b01196d94def2429a516e2

SHA1
66b519a0957b2934917142b027d9232fa61262fe

SHA256
b3d9c7367c853e10381b1bea972f508634bfa50fabf83b419ad14b23e54df5a1

SHA512
ebcf52c629261770cc28528ee257db5be8f2d662472bb66dd82b7bc1350b536987df5a37cc3edc22fc0a3f9b63ed17ab493603331c5ef7c1ce0fef407e1076f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8d2d11db6cd6d15e63cff0d5a55eeb96

SHA1
d1fe3225f760435366fcbce82d40fe3e51db3dc6

SHA256
e174f3b3208ba333d04f7c1eb99c998fc47c05a652bd63e46ef47f6644bf408c

SHA512
61766320e333f0010a361e7b56be634bb8e2394c91e41b87f1afea22257821b419f1b529739cb4ba24f7c010c052fb48ddd6f9d06d3e68999e92547fefdfeb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dff2e8517ed78fd40cfd8ef0b4602a24

SHA1
4a0936820024ea113de0be6bfa44ec3aae389186

SHA256
cc54784d0b1bd0af42f318afb3e522c590b06b8a5d7f868a45a5f5a751b9d3c5

SHA512
2fa5a131a062c1910b66bd76fe335cfc512dafd316c311d361db55bc450fa12837c41f3b4f77fb25d43d5177fe42d69030aefe74ae6eae9266e8f2ad08b48e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f85f4da4df84cb090213f103eafbcc2

SHA1
5f9b0549a20cf30513449bed3d5437dedcdec740

SHA256
d3f89747262bf9f9cd96ba2979185a43691c4f1236252014ce41c3af0d31d7f2

SHA512
4d42ffcf397c2850697a9282170b6e1db10ab52e38d9c0afbda1b844d1f3c210fbe38446b88addfb8da989e63b2d9eaf03710b43d8e0a0134a76c381af4c9131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b350a553a549f79ffcda3db4ee9a5f8f

SHA1
1909a9e9a13d38ec133916ad3e43368d364e0a8d

SHA256
1f2aeb50d77033318951f188967efe92d72d3620e2ab97609d079a9be87b0627

SHA512
2a12c6e8b60420c8a831b07cb6c918558c94648bd6fedb412c1dae1e68cb92b86777b9ae16901f9038f0cb00f5f5b594269d10d78a45230ca178c70b5c291df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
023ffb1442239a0efd9d6c23db2647cf

SHA1
b8cfe8104a8fd59d107e41d4579ee71a69b7cdda

SHA256
1bd327c9a223a9847551adb897da37140a67af98a18e769d3d946a2cca080d9c

SHA512
99555f88a48d6d4057168bf03a1752bcc3bcb7ec4f48d5991833de2847807bd0f3005ec71d065b332142ae10c8322b058e8ecbf0b69830c1048a6048af920487

Download Submit
\??\pipe\LOCAL\crashpad_3348_AALFIOKYAUJNOKEW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit