hxxps://domochemicals-my[.]sharepoint[.]com/[:]x[:]/r/personal/pascal_dubost_domo_org/Documents/fournisseurs arret 2025 site complet[.]xlsx?d=w39727f9852e1455aa2d5f23795b59567&e=4%3aecef61f9c2f44239a59c8e0a95dfede0&sharingv2=true&fromShare=true&at=9&xsdata=MDV8MDJ8TGltYW5lLk1lYmFya2lARG9tby5vcmd8MmNkYzBlMzFjNWU5NGM1YTZkOTgwOGRjYjg2ZmQ2YzV8YWFhOTY0NzFhY2JjNDE1Yzg0ODE0ODNlZDI3N2E1NWV8MHwwfDYzODU4ODAzNzY4NDg4Mjk4N3xVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=Vk9XSmcrelNFRGRSWUlVblMrMEZ5K1c2ZzdUN1lIOCtYb2NjbXM2MU5RND0%3d

Resubmissions

20/11/2024, 15:03

241120-sffy5ayglm 8

20/11/2024, 14:52

241120-r83g6aykhv 8

Analysis

max time kernel
90s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://domochemicals-my.sharepoint.com/:x:/r/personal/pascal_dubost_domo_org/Documents/fournisseurs arret 2025 site complet.xlsx?d=w39727f9852e1455aa2d5f23795b59567&e=4%3aecef61f9c2f44239a59c8e0a95dfede0&sharingv2=true&fromShare=true&at=9&xsdata=MDV8MDJ8TGltYW5lLk1lYmFya2lARG9tby5vcmd8MmNkYzBlMzFjNWU5NGM1YTZkOTgwOGRjYjg2ZmQ2YzV8YWFhOTY0NzFhY2JjNDE1Yzg0ODE0ODNlZDI3N2E1NWV8MHwwfDYzODU4ODAzNzY4NDg4Mjk4N3xVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=Vk9XSmcrelNFRGRSWUlVblMrMEZ5K1c2ZzdUN1lIOCtYb2NjbXM2MU5RND0%3d

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 05|02|[email protected]|2cdc0e31c5e94c5a6d9808dcb86fd6c5|aaa96471acbc415c8481483ed277a55e|0|0|638588037684882987|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|0|||
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
2664	msedge.exe
2664	msedge.exe
3604	identity_helper.exe
3604	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2652	2664	msedge.exe	85
PID 2664 wrote to memory of 2652	2664	msedge.exe	85
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 1820	2664	msedge.exe	86
PID 2664 wrote to memory of 3556	2664	msedge.exe	87
PID 2664 wrote to memory of 3556	2664	msedge.exe	87
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88
PID 2664 wrote to memory of 5116	2664	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://domochemicals-my.sharepoint.com/:x:/r/personal/pascal_dubost_domo_org/Documents/fournisseurs arret 2025 site complet.xlsx?d=w39727f9852e1455aa2d5f23795b59567&e=4%3aecef61f9c2f44239a59c8e0a95dfede0&sharingv2=true&fromShare=true&at=9&xsdata=MDV8MDJ8TGltYW5lLk1lYmFya2lARG9tby5vcmd8MmNkYzBlMzFjNWU5NGM1YTZkOTgwOGRjYjg2ZmQ2YzV8YWFhOTY0NzFhY2JjNDE1Yzg0ODE0ODNlZDI3N2E1NWV8MHwwfDYzODU4ODAzNzY4NDg4Mjk4N3xVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=Vk9XSmcrelNFRGRSWUlVblMrMEZ5K1c2ZzdUN1lIOCtYb2NjbXM2MU5RND0%3d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4229458233769456853,868682492350948967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ca9f8e1f3d1924ee13e56b254afcef5c

SHA1
8617d0ee992662d613fecfc9d96143cbeee81267

SHA256
52521c65c3cd2fa779f99ec24803729eb81086537fa4e3cbbf5033c5b8becb4c

SHA512
5ca73807dda7a13a199ac9d3a7ffef9e4405b50d98f436ed31b63bbbadc9006f68f7ab6c6f8e180aade2fd7535c529ace215391054c0be9866a31ea038f5bc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
db2d3e62c7c992a7bfb5da957c71cd1a

SHA1
eb72a49d46f487715066e2cb44a464dcb9626d31

SHA256
dcbbf856cabed3952b4effacb1898e20603da0ce315bbfd04d9ee9a822e2f76a

SHA512
6b7cc85ca7f4c610f8087afc79cf0106d99cf69f2160105df2445e2820cd1e71c2164e57f6efb2ee530316798895ec4c186c44966d41e661552615ded3e9d651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
527B

MD5
eb9835e20856762256e9c8e83de921f7

SHA1
1fcf9b67ecd7d8ebf6ab5fe9dcd82f19c79a034a

SHA256
f5bdf7ff3bda6cef035ec42c2e43809ed97ff2843a6d73c8549d8fee82c782e0

SHA512
d4e7c9199ff1c94adb91bc4ad80ca2b3f29e4626bc48bb3d82731b92e3a18c3a396b6ae5b89905b4e5cd74d54d62f411276daf6d3a5a89efc914b94e5487bfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f4507e89d31ee55f4cb4a407ae052771

SHA1
6ca473f057caabc9daf23a0ee59d242451d8db85

SHA256
07ecd6312ea8f3b5c061b761c4900cbece5d436f5c342e1d55cf0404575547e4

SHA512
f2039ef70f637284caedc20b6f541dca86e8a58f246bced982a7e51137668570992c78d0cf365bda6ee79c32a83e5f66d6ae5e823400603e024a0c9b9f6daff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7a18c9361420a467e950efaf84c33ea

SHA1
cbbedc03a79ee185a95d1471a0345529fad1b883

SHA256
8f156606e52b9d0d8198c34cfc04a3fb7aa3ff38cb51a8dd3bae356a16622246

SHA512
e241ea8377bfaed570875b402f91ad45d319dea92212cf04d0ed86063e5ddf2e302abb81f00f096b44a22b50510873474d8a89110c91b863a578784f2f6e2018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17d9f76a220dacc6eb5f37f5d0567735

SHA1
eef5ce812213790762953a00022cb760ebb28665

SHA256
72a7b85096a51cc04d1aaa0b646a5ee47a3e006b6e61b71d385d9a265d44b8b0

SHA512
cb9c4dd061f20a848376a0a2864bfcbfd9184efb0691970dfa43a964c0af8dfba1835a4a70a7934e10f828087a24c07c05eb4ca25878765e84ac0eba74e1d769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f51cbaf9334da6362e0af8a01a9da42e

SHA1
0de764084de7fedddca7d6166615125840ec1dc0

SHA256
cd9ebe7a9a090fe02bc07e5c08eacbddc484c1b452a26f4c2b874ff00d8bb337

SHA512
ad231cbdce72887afa02bb5c6028e95b9899e9e0396655e0afd8e87d28942a9086e916abbbeb230e21d1d62879ef1c9f8ab467a56c6586e5cdf2b4c77d186255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
7b0561f9ecb83706d5bf3cc846a67690

SHA1
01e479557c439a6263ef3650158dfe57f88d17e9

SHA256
466fc11a75b0e18702d986c95f65011ab80a6b12e5304d3dc4377f20fb2d7318

SHA512
a89b953af14e7d001605373d27909ebb5b7b11b7f1f693cc8a9d5b09513e16589815320095a185747240a7974a15f0cfebd407f4a95fb9bcc2ca096156ae11ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582788.TMP

Filesize
539B

MD5
cbd2582496e78ae3a1ce1a8d33777584

SHA1
f09b8a009479c9a0f7f38059901d9eb90042fa83

SHA256
e867f419d3c38af54db3f9b48512b6f62db163f913dcaa615e4c23dff5f24184

SHA512
17769bad7c1f7560fe22d755f178753cee200170191a8f8d6023885939fb19792c5533e091ec37a503d6ea73ec99d62b157f5fd7d74daf99e1f5f6f0d029b8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c302ebaffa31e613770bcfd6a869831

SHA1
852bb561ee0ba7f6f02c27c430cd236db0bed608

SHA256
6d1ee9cfd561ba096e90cb68f1e519f3ce2c0ebb7f7323208c628272ca2c040e

SHA512
a98554eebfa27f66ae42b7f5e35b2b85e7b8bcd9601183d278134aa1e4eb1e8342b0423e8a341acf379b795f6c0524429ec523a284dc73511de76ca7ac9b5fa5

Download Submit