hxxps://bertons-faure-berton-fr[.]jimdosite[.]com/

Resubmissions

27-03-2024 14:20

240327-rnd9tsha61 1

27-03-2024 14:15

240327-rkndbsdg88 6

Analysis

max time kernel
211s
max time network
214s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bertons-faure-berton-fr.jimdosite.com/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
27	cloudflare-ipfs.com
36	cloudflare-ipfs.com
37	cloudflare-ipfs.com
38	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2276	msedge.exe
2276	msedge.exe
1680	msedge.exe
1680	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1444	2276	msedge.exe	79
PID 2276 wrote to memory of 1444	2276	msedge.exe	79
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 4728	2276	msedge.exe	81
PID 2276 wrote to memory of 2816	2276	msedge.exe	82
PID 2276 wrote to memory of 2816	2276	msedge.exe	82
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83
PID 2276 wrote to memory of 4828	2276	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bertons-faure-berton-fr.jimdosite.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff8b2b73cb8,0x7ff8b2b73cc8,0x7ff8b2b73cd8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6338020563815979605,7089800524916625786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
961521da54822b260e23b77d4d8f81fe

SHA1
eb9f53b3573f08b4744cce32cfecbc191d51a5e3

SHA256
56132baeccab23b7ecc31a2cef9ef7afccd0e806b52714bf4a14ddefceb848d1

SHA512
ca8faa4d9f2b4d2c466690d0398ad53f702da83c259fe41a35eb1df06f98a37ebdbdd0dca5151b0c8aa11c1dd3c98862e1a0c72b93c882187c89de1acda1e9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
778B

MD5
30e0b4240718274e52c9d36ba7d21788

SHA1
e8f66e63e7852dcd4d8f5ade4d81375e986de137

SHA256
37a20e18f7e8870fa11f30d21aada473b53c461572c32af8a92e8270c7872b5f

SHA512
88ccfbe27701a4958bb3a8dbc962c2a9dbf4fe958581328d0f607e074c11fe1c07151cc01ea73a3c9f5467c542efe88fce8ca8048a3a37b001925c333757ac58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2169e3abe11db45c0e5e934289f7eea9

SHA1
baee98a1351bfd292828d72862e094a07ee69646

SHA256
cb867c4b457f1920a43068b1695acef0a3a30d87067f98f38038a8412be87798

SHA512
d24b782679f61aa5a6f15540bc0fd7034fab88853071035de0e3ba97e2165352449506b63a6a21cc29ab58d6cb809d1e743c02cd13b3a6c612979955ef7b38f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a46782a2d69064a9e9d2490076f0ef14

SHA1
ef79a2da420857273d7e50542f213c13d23039cc

SHA256
6d0395247e80f23869dcd60feeb7e16992cf6381e6d449031421a1da447dee0b

SHA512
78c3de880ffca5531ccc9adba2791ae85c9daf29aeee792922a5aa1d8740624290c2859e90c5c6fc8431c5b1eb8e313abef4d7d5fb08494cc0d2ff3537894fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16798efcef06872759df94544e941c1d

SHA1
57b7bffaf55b55641252616283e80c922dab726b

SHA256
1270618df36d2e26bb8fcf7f1e34ea538ba1d92e6ec4db14df897923178ef730

SHA512
5138ac3f71383388781adaaf1acda6e2db075eb939a2929dde35a8f5313f67e2d3b1887953050ade60a0a5daddebaf1d7e690cdb297659cb085998bde67c98ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b678ee7af68e185e25554945b0a56931

SHA1
9a990e21673a780e3ac42b175d9626fc4412e54a

SHA256
599108c24a8b683466b3ac621801a3db29ef2fd5847b62a4ddd4218329b9480a

SHA512
ee991d3224c57170e3ed73ba12e8e1713e1b72e2c2a2ce852e65984d65f775e1a8ca4662f99a7828b9f5884b7051c25d69e2b64e7a7debdd220dd734f85a75e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
4329bf2fa042a6cd9c3c3b6e40cbf702

SHA1
36ee4b8360a374fa7104cb09b0bb417bfb5e64a0

SHA256
dc3a4b6bcce25159ee012f5299cbd963557efaf9ff6fc0147f82e64b263161b7

SHA512
9b1f34b0470c8ab231735b3289c74bae383d96e4ab3334dbd6e3ceecc43039117423a1c3d79379c2f3679a5592091c8765d6782a6a5678c1839c3cdb731590d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
dda1cfd57543dbceb29d4e61ff8b3bb2

SHA1
a664ba34f629f997eaf849204b1ba0e2d7533192

SHA256
1818cc8acf65b419b9364e096faf1c853a607b600dab035d20c3bd138a7f86cc

SHA512
aab39eabdd8659bced136d818007c0c8425291412bc6900d6d9b25170dd19f76b2d28e28da3db2360b0952bc435e3b2ded69e31ca30c41992f78f96937b72a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff11.TMP

Filesize
203B

MD5
5bb7b363a20de05dd53d2d721fc7cbf5

SHA1
6b4659e7534a6b9f755f24420a3eed51e715ade1

SHA256
1821f00179ee16871c0044004bd14c39a6911cf2284d62f460f58e8d4066e03d

SHA512
fa960e79b8169582d0b73200f47f64bf4b17a07ca34556a2c90e622d454388f676941cf06f416628c41565803bcdc266feba1b1d6075abc16ff273ff80fbe104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0dd1b7c99ffd01b187f0c963b97d5241

SHA1
d5e5ee6ed8cffed1b36180e5d8b595f681f28446

SHA256
3dbde41baee94af88a34cb870e02d745ce1a4eb0b873690ebb12af2a3b1fc9cd

SHA512
dceac9f397772f992617d353d4dcedbf0f319daed3dfe3255956d649cd4e0958daaf80a53d17bc89fc25bc41ca816f198a8a28a15bdccb725a60138dd172b8db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit