896e447ac0541b0e3d0c56a752f3b1e3a08548d006ab1baa2f734b42b44d704f

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6921c211d34855576b773543dcf589f5_JaffaCakes118.html
Size

41KB
MD5

6921c211d34855576b773543dcf589f5
SHA1

29fcda7de1d5c7c3f8dc02d6a1d852b441986b7d
SHA256

896e447ac0541b0e3d0c56a752f3b1e3a08548d006ab1baa2f734b42b44d704f
SHA512

65978fe3d50752345d5c51778cc57411003ae470a7f02f7bffa2ab063b244abc3a310feee8ce87f70e65b7d2788397dcb06e92640472f9bf7c98e151c821305a
SSDEEP

768:I3vV7Bgo4nUZdjIYbi9BS+lGANWnqgxNn3Vb+LRVGr:kdVy+djIYuysYnqgxNn3Vb+LRUr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
716	msedge.exe
716	msedge.exe
4300	msedge.exe
4300	msedge.exe
1964	identity_helper.exe
1964	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

4300 msedge.exe
4300 msedge.exe
4300 msedge.exe
4300 msedge.exe
4300 msedge.exe
4300 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4300 wrote to memory of 864	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 864	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1032	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 716	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 716	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe
PID 4300 wrote to memory of 1376	4300	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6921c211d34855576b773543dcf589f5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6b4b46f8,0x7ffe6b4b4708,0x7ffe6b4b4718
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2076011218440012587,15938606970713226096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
823B

MD5
933e3f28fb0bd4805a5e472649b1d86b

SHA1
0d814327b4d8ec024f61c13696b92cca48b42173

SHA256
2eca3f889f64ef470b1baada2d492848eec4fd70f4b0b7fbe914d14eaaea888b

SHA512
83b3dde126de9eeb7c3a7eb78d21c2fba50dc4cb09219bcf95d991ea2aabfd1fac1da0770bc2732be85c8fbb485b755d4156211c0f5dd5f6f17a464cd5cb25cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1d8d7c50ba7a81fb6435a321ef02f4ba

SHA1
bb6e976930e9bfe8946296db3ac32286a6cf222f

SHA256
2635f8cd64158082553989924b5c31acb70f2a1cbc113774324085a9312796be

SHA512
ffb9297a6f79d7fce084c6733e479e6b0fef37fb8bb40d622ab225240ad39ab24cd15eced9bf504e53becb48ef9dd30655c4a6797ff6113e5eab074ff93d957e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12b38771486787234802774e4766ab12

SHA1
b5590d9fc53bbd533e66d276947dd3a2c92dcaa4

SHA256
5f8e0bbf1645e863282260f8d66c47078ff2750c9e2ed53691cd82bfa9a2e8be

SHA512
c65083b5eee494a1b5bc2c82c8046886a3ad467738a2445707df97f68eef234ab6b7c5a3552bd4f8fa3904d62e75f956ce72253b773124c1d9c49868a3ce87f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9737e0bd58c5ad301b2dcadbe15b7795

SHA1
46b286ba8414dd357875f12c9efaec75c2ddfedb

SHA256
721ed1874f03de22bb94c79e77b574385eeb4625fbfc4683f4f8292bd3a35f28

SHA512
3d19dab53ab52edbaa1c1e9f3c13a3df0675ca7d1132f2e1a9e5f46514231cb97b6673e99ae4eb7ac43331baa3c0dd73258ffeeb7750ba0baa88816984b960e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ba09e0e79f1940d47ad507ace91a121c

SHA1
b34448ffe19a18a51145eae3412c304df3a7b58c

SHA256
55a4ef6c7ec4ddfeb78922739c584af221c42b1fd8ad03185b502cb89fadbc58

SHA512
273496c7130970bad10bf8513f5ca38b198fcc6c63c58e25d347dff437b0bb8e4f394bc57c7aaba5c698ad961bf7ac7eaf2a30b5250c2bd9c9b09002d6c78011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c4d6.TMP

Filesize
372B

MD5
92670a2e01337f79c75c1b3f2475a3dc

SHA1
5ffec2aee1e68198ab2022dc994dbd4817cfa784

SHA256
95d145099dd84cebc8eea41e25d979bda376a4072fb6ec2cb3f98516d105ce8a

SHA512
4f2cf745df9d013a9f2ae731ffa5ee8bb186607f01a122e3aac38aaac2094ca2a2dce005144bd4414852d0843987de11e3e1e9e950c7b095684580d987c998d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ebf6c7d8-4fad-4d17-abf3-10c181cd6f18.tmp

Filesize
11KB

MD5
66cbd828cd3fa09c39725820fa32ea3b

SHA1
9824cea956d4e937e3471715edea211d09306a92

SHA256
1664858bccbe22a2626e927025cc57b303557c1818b5796a6f5ec8f50dd30fe0

SHA512
abefb27c15cde7c6a5b7747aad6fac09037878bc13c707a5dd25a399d9c77b0233e28e63384fde0770d9bc52e154c936c1b6f414400cd63bbf0ba55e1a94439d

Download Submit
\??\pipe\LOCAL\crashpad_4300_SSDSBIYVXNCOOSKU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit