hxxps://cloudflare-ipfs[.]com/ipfs/QmUHCeP1pSsDdgDThn97MLLq4vP67Wtk5MBBKh3CjYJRqu/#ciberinteligencia@scitum[.]com[.]mx

Resubmissions

29/02/2024, 02:21

240229-cs5v1sbb7t 10

Analysis

max time kernel
96s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloudflare-ipfs.com/ipfs/QmUHCeP1pSsDdgDThn97MLLq4vP67Wtk5MBBKh3CjYJRqu/#[email protected]

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	cloudflare-ipfs.com
9	cloudflare-ipfs.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
50	ipinfo.io
52	ipinfo.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1500	msedge.exe
1500	msedge.exe
620	identity_helper.exe
620	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe
1500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2888	1500	msedge.exe	48
PID 1500 wrote to memory of 2888	1500	msedge.exe	48
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 3152	1500	msedge.exe	92
PID 1500 wrote to memory of 1800	1500	msedge.exe	91
PID 1500 wrote to memory of 1800	1500	msedge.exe	91
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93
PID 1500 wrote to memory of 4708	1500	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloudflare-ipfs.com/ipfs/QmUHCeP1pSsDdgDThn97MLLq4vP67Wtk5MBBKh3CjYJRqu/#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe849146f8,0x7ffe84914708,0x7ffe84914718
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6541747482498265864,14385171520340113355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
51195a512aba4a7911d08a5d5a0d5108

SHA1
26744822c7b61598cee1fc8550199490efaa74a4

SHA256
11bed1657d51772e5047a82bc091facfe4706a7a3faa5e446db97a2f396f3910

SHA512
5f9e592c2292731599fc598763079641b3a9f65fc64beb0c44a4d78ca8de94e9fdb5519ca03daba697c4f193d3aab3baef474b5ff3ad21f2dd3d3532e779e09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
da5f0deec7b0ec8db7a631fb261ad76e

SHA1
b9e3986b47723bf16a7944ee6d12fcbb792f242b

SHA256
a3466913e1d32dd467932a5054952d01b723a96a4c6b51535572139e7ee2afbe

SHA512
920af336b318fbd82117f593b3f3612f19c5165172413992f9a4a236e5269abd0a412a487b84e37b9cc14a95c21569ed1a480a69410756eb4aedfdfe2c2c8878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4a0f5ba9a87b4a028abcbdaa34a79b7e

SHA1
81b53a166e032129e2b51f6b9d44dce067ca0098

SHA256
681909b024b465cf7466b0c81071f50f0a5c350c9e1f1c0af8fbb7d3ca0af633

SHA512
071c7e4af5680dfb8c2ae785db0e8cc0332a0b467aed2055bb64611d71ecdb57c8e31cf3ec6b0d03dfefbaa04a35dab4f917c126ffa7c13855280013ec6bf5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc8ae6c5a8eb85e8a65e0d93327874eb

SHA1
fc11f8dca9c62fdc8dea37d6efd419e8d4f0f083

SHA256
ef5e1af8d5f828b030e10b6d8e03cca5e6013f3db43c744c60d9dd0c5572a126

SHA512
fd98a7902dc4286fefc077318e21f91b07c7ee15473034c193f20b471b702989ada1c1e5e5cc8665a2123f28681bfaae8f1675680329e144c878a615b036267e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3481a1c1896efcc5b0ce7c728552194b

SHA1
3915ac9b543cd8d2c68d43dfcc73c30b1d92d56b

SHA256
7f98c788402cd9ee1edfab3404bc9d3c2ff2b97a7fa25e0e17f48f6b4b381a7f

SHA512
844630ee8759912dc9a7056d162356713424430a101fcf66fa2ab350c85e3cdbe283a04f9d3e3b4d5f89c1527bfe95655c07ea3fce67043d3c76f3a32f014d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ecb284978fecb616e3a703ec522a16fb

SHA1
b06e525d476adab198109df7bcd5ce9755661a9f

SHA256
dd42670bb7d899541ffc229c6e54f6865087ec278678817ebf1fd632718bdac7

SHA512
64be16e79969a3cf4b23b78027578cb7202f69d4052062678e52c57d27ac469cda2106f8732231b8ed4b0b656a08d446302c603f6aa8137d5fea9e810c4d3e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78dbfdf11d85e002fa58aa78f865e5ef

SHA1
3860ec20669f17ec5b3afedacd37afb0bd1bae03

SHA256
15d61f2f7933c23a0840842ece9f1841848a476e3e0f29d8f72c1946f92f71c3

SHA512
3ecc7dd58d67e382ebce4d1432052d2326b98337a8010a47d85b5495c919774335b90576c6351aa2e744c6bab9ec76193398c9e61f5711437d50e06d48f37d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bdca5fae2ad01badb937aab4553b07b

SHA1
2e4529f9c86a49332a1f60edd2949c3b78a3ad4b

SHA256
31bdc78b748d60bbac6a033b113b148faf7a4d855b6135ac6908c73b69c23a2d

SHA512
92d680a7407b5bf07073f1b73ccdd2850b429fff8215c8379f59b5b39f3d765b2258d0b3a06cb5b471d07b86380d695ef556aee163eb56df26a61057854053df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5793a5.TMP

Filesize
1KB

MD5
75572cda8f4d8e82f6a4d83f798a0f55

SHA1
e90f06313ccfd71fe93c747a3d28da852be63bc0

SHA256
5408864d251934e0a1f9ac6c462128f63b99a79b1f5d6a4f3292bdea3470cc56

SHA512
40ccb8b595d87d972167a66622f3f6dc9a09a757ee8d1750183e22f38ce2c9707501540d7b6f25b16396f955a02f0fe9c662de103459c718cff156376c96431a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
037805b2687d976981b3fa78e1a4f55d

SHA1
40b22464d224bd05832520c02772a348050816d2

SHA256
d0252c4c97787c409b50d7734f371e9c3b76456b010c19a17ae088b98f067b5a

SHA512
e889357fc3e84930b905757a0b290d6fa6ded8875f5e6425b8132b8e90a40077a504a30a829f15411db6fb07df8cfce5ab832bf1abdd79e129588216e33f6c13

Download Submit