hxxps://diversionlendingllc-my[.]sharepoint[.]com/[:]u[:]/g/personal/carrie_day_dvlending_com1/EZU0OEG1H4BCgZh_1iRxZvgBdv1aJjfbiP7FvKJNIKA0rQ?e=VP1VVH&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXxhNTBmNzA0NjA5ZGE0ODRlYzFkMTA4ZGNmYTlkNjQ3N3w1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NjYwODAxMTAyOTQyMDUyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=YUpFSTMyQy84cjFSUmk3MXROdnA4RVVXZ0RETUo4aE1hRFB2TXdiTi85TT0%3d

Analysis

max time kernel
147s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-11-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://diversionlendingllc-my.sharepoint.com/:u:/g/personal/carrie_day_dvlending_com1/EZU0OEG1H4BCgZh_1iRxZvgBdv1aJjfbiP7FvKJNIKA0rQ?e=VP1VVH&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXxhNTBmNzA0NjA5ZGE0ODRlYzFkMTA4ZGNmYTlkNjQ3N3w1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NjYwODAxMTAyOTQyMDUyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=YUpFSTMyQy84cjFSUmk3MXROdnA4RVVXZ0RETUo4aE1hRFB2TXdiTi85TT0%3d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
464	msedge.exe
464	msedge.exe
1536	msedge.exe
1536	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
824	msedge.exe
824	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe
1536 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe
1536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1536 wrote to memory of 3380	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 3380	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 4036	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 464	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 464	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe
PID 1536 wrote to memory of 312	1536	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://diversionlendingllc-my.sharepoint.com/:u:/g/personal/carrie_day_dvlending_com1/EZU0OEG1H4BCgZh_1iRxZvgBdv1aJjfbiP7FvKJNIKA0rQ?e=VP1VVH&xsdata=MDV8MDJ8aW5mb3NlY0BhcnVwbGFiLmNvbXxhNTBmNzA0NjA5ZGE0ODRlYzFkMTA4ZGNmYTlkNjQ3N3w1YmQwZDYyOGQ2ZWE0MDg2OTU0ZjY5NzkyYTVmYWE1N3wwfDB8NjM4NjYwODAxMTAyOTQyMDUyfFVua25vd258VFdGcGJHWnNiM2Q4ZXlKV0lqb2lNQzR3TGpBd01EQWlMQ0pRSWpvaVYybHVNeklpTENKQlRpSTZJazFoYVd3aUxDSlhWQ0k2TW4wPXwwfHx8&sdata=YUpFSTMyQy84cjFSUmk3MXROdnA4RVVXZ0RETUo4aE1hRFB2TXdiTi85TT0%3d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb56823cb8,0x7ffb56823cc8,0x7ffb56823cd8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
2⤵
PID:312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
2⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9803504098158932860,5911917093892162306,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4984 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
5306a8699edaf01dd33c061793ca79ee

SHA1
6e94f8715d35379d1f3938770ca1ecfde031cfd9

SHA256
b63f9046717c0db374878759924599410c58f1659f0cc45cab8e52784cf8e4ff

SHA512
11108031ac9a0b5dab22b91b108171c2c290adea81fdd50b26f66218361157a72fda651dbd712c45fa269554a81632063c0ddbeec3c8cfe2f396feb5c14a10c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f01da1a1df18162d07471dab13730c09

SHA1
e6dc2772a3402e78331ad637394e6d87ccf6f9d0

SHA256
1b4f1eb1a444a835e48a377fa3c56f95d7ab1aa3d93f92d6b72dc19b499e15b5

SHA512
ead92866b5c277908bff8c236dd781783bec5e8cc7abe72586a07768a980edb157d0eefde941ff43d7ee6d6a30abae603e4213d4de1d8bd6d012fbc12fcefa11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3c0cbe435ecd8b3df08ecb3282850347

SHA1
ab4a9641de43598917e2cc1d7b400123117423dd

SHA256
c3c3a1c7eed7e5b97c3851ce5c46041afdd90e7085aa84331361b199949ac254

SHA512
eef334e642bf67e925851fad5245ca1018a377d38286920f49ec7871e11eb611d6820860205adaa94e16a2386760d6ff9798e5d56666aa7b492d4f495feeb4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a62b723781c230dc69442c80fc414c4b

SHA1
9a27421243ae8b0368ba9ba3ff4735630aca30e6

SHA256
7671ed702ea428861233d67fb4771dffdc3e2c85746a0dce5b9bfda18fa77760

SHA512
355c82f044f9a959c45a4bd410842deb940e538f054b708d9d5ec8c1574701a9165aab6fe4c066a0422a45f81b4180220cae1c3012d0ffd12021afcebb560591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ba7b2138c2ab08d470ddae764549cb3

SHA1
2b10b8be0ccc40681f843d8482efe4e84ed02b61

SHA256
feb416b916dd7b13f36346162b88d5f489c781ddaf0f594baca4ab6c922c1c9f

SHA512
4fe52ba4e4ce9cc674106f8bdac672753c9c2f83ebe42094d16e27c023833347fdad210a37847fbee7aee8e23a118ac0b77f6d7beb9c6128e6414370a7f787ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
271b3055647ee464710d651cdcb25642

SHA1
a480f5f56d2c3cdbf31c5657d208aa26ee7c3d57

SHA256
a44faea81d9056cad0cf198ea8c3cf45014c9a6f91776425a141661568bfb630

SHA512
433e17531aa7dc3718b1e780e9252b82c07ebb98911bf119c856e8867c8823d58f50e91c39aa23b51642de66cd4dfd113ab9860a16765d55fc2d0511b924558c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
652ffce7a02313019200f4abd7445a77

SHA1
0e17cb999aeeb8d5102fecd50b0edb8733408461

SHA256
6e7c1b473259157daab26dd14f17382279bf7813b6fff43b03adec1740ed2b36

SHA512
518c70c0c819b66c3b80786ade867d803d0adaee42ee8ba7693d02c900feadd19c8c0fe29d54f6056fd6c5ee949560a98b01cae9dfb6da89da0d5472c7b01346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a309c7b7a15677dc010fc7fc58aba13d

SHA1
9b00bc700132b7c1fc1701c1b6b6b61aba527461

SHA256
99887bb086412eb0b407b971b7c9511a32370d4fe905be712bc560339753cb7d

SHA512
7605c23d9b5e107b100f302a2a4a9f891047b203ee46f035efb26565de1f6af967351959ccc252f50448e130ea2847c93ad4ba1186bf4e2317a7b9d1a7e1bbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ff9902be913c2d71a5859765df0b20c

SHA1
460f219bbee3f3d2f7d45352568366dc0492a3a8

SHA256
d2a304e25dc33b54e2c3ba06aaea6cfed9510b1f689f83992d96e0641c101fba

SHA512
890fc570199e5a8774f02035922f1dcd5fe47a249621846600072b0292def4f5eadbbb71d914570f9c9f8e4dfc337a67aad0a1e9683303e7ff909939f07d23c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0a0389a9e8aa7ae001c86e03b05b7d4c

SHA1
a29a0e983bbf3cf7bbee93c1bae65b5a2214b42e

SHA256
3f428e800a0125e86e09c5ad4b29aa892ff1266a5da385177457f4c7c5e06026

SHA512
d8ea141b44bb598f5afea284b06c9691b60f0870600b597cd4fa7e4c01d92096e23d2ee89962402f33bea1aac977f49245df59af8a3efc569d803649a40b3618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9235b2993e18def9eb98a0f93700a865

SHA1
2f1d607ff07a155b3cff6210d36c245fff299de9

SHA256
5e39a60310af5269cf6a56e853c0f2ef01dd20df2a6994b925c864319990e812

SHA512
01f86c94113cb635adc3d27701b7e2315f10834723dcc41491eea73c2207602e49518cbaf91a7fec3f30a54e7cc04da442f665899bff56550c80aafed2cb9c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f1e.TMP

Filesize
1KB

MD5
199e4a25530e72946ddd6d989393cb8a

SHA1
9477f5114f10420ea96eae43ef90b0286ac78ef7

SHA256
e756f064046c1c80980722a970c00c20b5bcf073d270962439ae0735e1088d4c

SHA512
080d6416a31450e5c63ac3d3cb7b9c7a4c22816abb348c03386c232f0c137f771625b21da0442e7cef2c556631175617465b417a5294b69b9b45bc681c90f195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a9e24d02-e165-437b-a53d-d7434b2a2a47.tmp

Filesize
2KB

MD5
180f4885bc2d669ff15790e7cf3e8a74

SHA1
6845fb5964395310c015ee863d26118cb324fb7d

SHA256
46fbf49b16b5553b2383085c18319b31b5e09684610cb2594cee1e4eb4d47a68

SHA512
9e74fadcd3b284b0f8b5ad4dd502161d4bc957395610da63e9c1c617db4239c45fb88cb3d190ae78329c0cb133833aee3b659dc09a1f4d0e4fa4178c250f47f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a59e6419e190027dd863cb43bc467900

SHA1
433de678aede9ba72db1d8da2b5f738025b90b92

SHA256
e3ad8ec5e9e4407606716dfb2a52ea2c2fc5985840b6bcbfc3b1264ec4ea9f04

SHA512
597e2a34301efa8dfe75972b49fe22843c6360a6e54d7ad5182a17da3adaa5889cfd390cfcfb117d14487bc03391713e68b981f1e9e8e1c73489c995bb329955

Download Submit
\??\pipe\LOCAL\crashpad_1536_ONCHTNQXKBUPTJIH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit