hxxps://cloudflare-ipfs[.]com/ipfs/bafkreiffz46tyqvifmyhjcdbynucd4duurmznmxaorlfjuwzovmtocshje

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloudflare-ipfs.com/ipfs/bafkreiffz46tyqvifmyhjcdbynucd4duurmznmxaorlfjuwzovmtocshje

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

8 cloudflare-ipfs.com
5 cloudflare-ipfs.com

flow	ioc
8	cloudflare-ipfs.com
5	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2248	msedge.exe
2248	msedge.exe
1324	msedge.exe
1324	msedge.exe
312	identity_helper.exe
312	identity_helper.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe
1324 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1324 wrote to memory of 1988	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 1988	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 3188	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 2248	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 2248	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe
PID 1324 wrote to memory of 4700	1324	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloudflare-ipfs.com/ipfs/bafkreiffz46tyqvifmyhjcdbynucd4duurmznmxaorlfjuwzovmtocshje
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd90b646f8,0x7ffd90b64708,0x7ffd90b64718
2⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
PID:780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
2⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10288601023252707908,8503360005829671520,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\41c7e0ba-70ab-4217-acf6-bd288bf7e25d.tmp
Filesize
538B

MD5
438242866ceb845ed44912c4f2e19c46

SHA1
095adf0a3723607c0c8f425f0097b679328bf611

SHA256
2d13d41066ae36f383e3a2c31fd774575688d2f37d35ddfa46bb687b2f9b904c

SHA512
3f52c72e209f8ddba39db2ef3bce82d87cfb043d4f4343dd6535764bf813fd07943800d5298399e8a4d5da64b4386fd2db8fa4896dee3089fa1fa9da75695a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
96fed1bebb1fc726a20999038ad146e3

SHA1
707daaef7927775fd5ea00c9a86d20a14a98b9be

SHA256
64d0a5a78ea09488a201fd48b85e62f5aa6f7ee33f2f69de9bcfac8c5731ec3d

SHA512
f295ced4bf1dc7e0e41c11b98f010dea90eba949292263b2310b0b0c4a6ea9f5a5ca7cc64ea50f554adce089c2f2eca74838d576ced641370e3cb4a37815286b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f3a022c1bc4aa1bada33836ad5d87a24

SHA1
ef3f62ec8ef50bcbb355ecfc6b2336fb959c9e17

SHA256
4ac508b281212b3e71d96901c8b888343a195fe0c36fa04b5fda56c1bb7ab01e

SHA512
5b090adfb55acc3d00117aa4c17fb6ea34fdf11fd646d353565a9395d397ae3509c6e8b692916c30a30acbcb0e7d52da31948bb452ecf2a835847edc272fdbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
682c41b1c5cf6fcd710171fbf7251bf7

SHA1
eac493ca9a75441bb77af28eb18504a898748b85

SHA256
c0fa848f2def1199259ff03c7fac9b05bb074df2a65e22c8ed32fd0e09f4195c

SHA512
fcf7f25368cfece7cb39e3444bbe2edb6b8b257b007bcd6e2a65e64d89b75ee318c43d7562be18156025ff6a71215d55a70875b44fc7b2e7242dfe2d47d57f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0bf9f87231d91fe88f3e60fd8e91591e

SHA1
978204f19fd8b8be2b7df193c3c5b61c8041e5f1

SHA256
65f5fce091904c1e2cd2e5045338397736133569abd3ccf784b85c5134dafde0

SHA512
8cfd931fd4a133447ced4af1500047fe650b9c27cab71b550ef3d144b22785e0106c493606474809a8711419d82865aa0361012a0d2e1f67f48962f9bf4d3df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
92e94040f7e0f3deb4509104522008e0

SHA1
3c74c45d7eeb82ed6a835dd13afb54e8f912c414

SHA256
7b543abca857d72ae09612f53fd2fb9f641dff25b492cdde7080bac537078f7d

SHA512
e5538832ff384721e37ed6c8dac7121a3c8fcd82d3ac42c9adb4fd43487ebd6abfdc279f6cbfea1bfc9c291f60cac2e2bdb076270bd90158be4bb05b507bd65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cd52.TMP
Filesize
204B

MD5
3fbf2f10be88dcc055d562e4306066c1

SHA1
7f97c5d396dc1c198b14794c903f213bb68faaff

SHA256
d133e6a5827c61fd0eb52f8b1abf33057ef40421f8a3c80f347d9ddb13ab027f

SHA512
78450c4c5f2db68c7d17d1263d7a59f79b56a205ea3ef76ddaf45c84064fdf8fa2a6ac7433058971ed8bd3475f8993d69d263dcecb6a51049efba84da4374d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2ff893314eeb03d1affb5a002cf38b07

SHA1
0807fe8ee7f4b438e88070d862819f41afd30318

SHA256
520a1b7229de2b7f6905c740ea07a512993dc7ac11a998009a14b7ef4524235e

SHA512
18a2916e07ab3937330f2a3e77cef8717df89d14d8a5f967b0fc8d62e70adee2bd7943e876d03d749b861cc43f2541fa80dc48f29f700278ca7f6bb076ae8e6e

Download Submit
\??\pipe\LOCAL\crashpad_1324_ZNYRLYSPFLHFHKEO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit