hxxp://marketdeals[.]com[.]au/

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
08-10-2023 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://marketdeals.com.au/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2760	msedge.exe
2760	msedge.exe
964	msedge.exe
964	msedge.exe
3356	identity_helper.exe
3356	identity_helper.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe
3672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4272	svchost.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 1044	964	msedge.exe	13
PID 964 wrote to memory of 1044	964	msedge.exe	13
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 400	964	msedge.exe	84
PID 964 wrote to memory of 2760	964	msedge.exe	83
PID 964 wrote to memory of 2760	964	msedge.exe	83
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85
PID 964 wrote to memory of 4456	964	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://marketdeals.com.au/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe791946f8,0x7ffe79194708,0x7ffe79194718
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15682534979389544904,7256025869526905486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:6060

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\73f680ea-fc0f-4a10-aacd-2e2b020056b2.tmp

Filesize
1KB

MD5
d148b93f3e796d2229d75ed2931a94d1

SHA1
e16371d4d07dbd168aff4cb677cadf9b880afff8

SHA256
caf1bd9ac1519b497b03a207a92a64879587f28331ef841d6ae1126050d70126

SHA512
4acf33f9f300418279d197d08f379dcc57e05d0af44cf7582a8779f9e98fe2359303b0554eec8d4cebc80ab9db1379db9616679d9d56f59ad9a9401f335c091b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
24KB

MD5
8fddf97c4a86ff56aaf2cb442fa87738

SHA1
d5a3057056618bbbf455d3e8e709d42ac87ca929

SHA256
bda070ce1252e91cd938ee14ddb32efab5998755a487aed01568369fccabee37

SHA512
e346944e2ca8e770f174a1752c442ef6741d8ec65fa4bd4dfeb24ce61bf8bd2f6c451eb88af541f8275da3071981f400368e17a8bda9c0057e4c93cb21727335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
6953a04177619bdabc5011a63a75b118

SHA1
bca2a6fd61d1a9d2d635ec3b8d6eb8a80a729ef7

SHA256
262491c44f8cb9f000240bea40a594cbc826c7b7fad9418e55e7dd734540302e

SHA512
ed435427ace22e9f13de239863f35bf1fea9aee07e8011d9b6a0ec28419cf885479ae37269370a59218d9ce5bc3828a813d6c379377e8b42f611037abb18461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
18KB

MD5
bd24640b035c37040039e8d5221d3b7e

SHA1
90e6b84ce02a27fbb50bfc3a6e2a720d0daae7eb

SHA256
9756db93d10c39e8148dee84d7794371b261f867760a51e925e2f5b7625453eb

SHA512
a4557eb771dfdd3fcae530f36da63f1fa52a33d6d9973c977be1d58bb766672c93f3d026f331abc93423c4a7dbb436a965bcc5c30493a032457c3ce568643756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
30KB

MD5
e3fc19c5e63a3ce09b7613760ba5075e

SHA1
6fbf61501696b0b852fadc8c2e429b3707181d74

SHA256
5f35b1be18b80d6889f4906d95914d062209a7e01f31fe7c228fdffddc9b805a

SHA512
734ee0a199dc272e6979d47daf0ad06489684b35411c9665d572aa63c4d91bee84938d1b7e7a539515569da5a5ae99e0e18646ab1aa451ce29123539e05667ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
08750386290a0f0bb923c93ed648bdbe

SHA1
a1f6ef8ddc06a0fcac84ab8a2f72b04260d4e936

SHA256
aa2b51cf7bce2cdb903805cac14c147dd903f02e2c0c4575e0338f772213ba13

SHA512
d019c3eb1d268dc55f4cf1381e61c6c52c5cac4b1796c9e83eaa80a11350a4fbd52d9b8ea96346847f3ddebe3ff1403800254f1097b4a2e892fb6c4b021c25dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
25KB

MD5
18d4c9b136c85716f4084b9c072bb2bf

SHA1
20b677c29a42d9f21b94994e4254333bac53bb83

SHA256
2aeb78049f13b47611aa61587af88b9d84ca6db06638334c0a66fa31b78d7628

SHA512
084d700382400f51eacb69c43e2533f1c5ea2c7dd11f756231ed20f26f25d59a0b94db63a7e1bc43a79db2499aa1246730912e0b8f96719c2dc5e0f12f3df759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
73KB

MD5
3335253c1e1e9d24fc7bde3cdddfff40

SHA1
bf8f15ac7ed7cc3aceef20f973a7fc8d6839fe60

SHA256
8666ae6a10051674779670e8819a9c811bf19dd6d8eb4eb1c4e22cb4b6bd7ca4

SHA512
719d50f9b544b46f274cc214c043d70d89e4a86ab501370ce3bb6fcbe7891c7d969a75093052aa351614066fef4c952326171c6ad67e6266a746afa3969e5d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
17KB

MD5
aa7df97ef17cd5e7b3b0e69ee5fe57f8

SHA1
b666d881124514ee8d289a33ba34af5dd1ab0b58

SHA256
5193c76058b7daac40b528bebe330ffa04663350ac4c93b57c3af5ba8cee8125

SHA512
81a6a6ede10ce6be85f06323da1b4b334ef3c404c9635eff4f720bcee9e9900998c75c66f3f7416ed87c9522587a8cd9f050d44f6f22a501c9a8e1f08d3d2ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
99KB

MD5
8e4cfeb3645f64dbabc5606821af6e7f

SHA1
bcdcad657a790299176a1065b06ce1c0f379dce0

SHA256
f2ccc510aa2711e465ae58beeabbe2c54d93d6b3affb1dd5d700555b73eb127b

SHA512
59aebfb65240ac661a24f2c7f9ea9316e37d78df6c8ce6c3b4a77c6b748b5638b4a6a96a5d123593f8cf2be9d6185319d21eed3a73e587cea88919d6bb33d45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
81KB

MD5
06942646ea3d4854e7b7c51427bfe924

SHA1
3d46c86a4915a74bc94884587b42b17ad029ddf3

SHA256
78efb2f2d535b58ef1cb50590b0def6a90761d908ddb66ae9c198f297ac62e71

SHA512
c820ab3dd392d978bd7f7f68da7ceaf2d75f1e688bf6cc5065305e832090fc59b7bd59bd277b42156aa0d40cc4f76cc98d16e33eed28d37a4bddba3709205001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
35KB

MD5
5b268552a363858ea71078a980b1aebc

SHA1
7538931a913ae485b34fe709cee024a419f3f0f2

SHA256
444966ccc695463ad0a8f397c55888d6ae43b7855e624ed5e059e4fd73d4725b

SHA512
f8a853c6f19ae597695ee984fedd50b4a35df10835f635af3ce7fb1e67b1720340f0eff59670524efc18944e8b9ae9fa2333351a4820b8bd4a8aaaae49625941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
30KB

MD5
81182f4b684635f6bdcbdd907ee66f25

SHA1
a1f2f151df72ede41397c8131bd47a3ce85575b3

SHA256
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

SHA512
7fa73f476b084e15f6d02189f2405ca6d8d7b12604304fd4a3aeb71e8ec3e42dda64b062faf270d1272fac76b606b2e34fe0bc1a18f518f58b46a4162af17691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
38KB

MD5
1a16df885170dbae03747a2f8b144956

SHA1
2b56d4786def7d0de1980e3c62f4e9aff2007420

SHA256
68d70960bf4795723fabfbb791e1dfd62a506fa15c3b87b563582871b7a37517

SHA512
0a216f9ba4fc12b2b38c13f566b664da4643d9ac4cc50af5fe273a006455fe12f170d66b88254b3eab794f39c37a2ed917b617657dd0d41122bc6a07f7afbc58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
05424d2dd6634d20f372d806cc227389

SHA1
3f1882b9391caa9268608232470025d16fbd516a

SHA256
8c6ed6626f25352843e4f137561f704c0d0c0045be7ccb67a506bb3b2ceed6e3

SHA512
4e18dfb00f1481e4fa426eff1f8ddeb7244f6d78f5e31fe1d114ceda7e0a356d66e382d0ca1bf61c162f54aea3c6aac2c440d990d77f96f25e5fdbc9ae85c118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
63KB

MD5
427487d92f4472ef61eddbbdf4630d8d

SHA1
8d284b6bfccb6bc2b8bdb321249b0a5f806fedee

SHA256
f311e65c0c564cb5782590d197996d6333c6f7efdc6c067a5f34b9e716e422ba

SHA512
237aa34b392ee299b5e5fa7f471dfc5318ae0e573c3a85c40f21b64ecb4e39cff3033ec48424d7061bf173c0b7c558b85555adc05b173c24d45e155266ad37a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
118KB

MD5
3a2013a1affaf0b042d9a43dab079207

SHA1
ca4cce1c867d8c7f329fc50b8a4b5a0cb13362d5

SHA256
21027d147be016a2ae296ae6c284bb367274b8b7f155097fe6c881da78012452

SHA512
585a5388cf130ef513a624a05b266e384f4f98f860678df56ab7805462d54e71c88dee6bca1cce3f8057ae023f80b21f73ff443f7a04644d9b3967449903c46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
9a3875a653da1366511f6d2cdf0b86e7

SHA1
e4a2e94bb6b98bf83364cb47f85d33ccd7a70e3c

SHA256
15791babfe68292b3ab7890d3147405b6dfef4491639f742ae38e864fc7dfdaa

SHA512
803525c9f7e60afea35ed4bc6d3dec659e0086ff3e6388c3cf7e189d3c748796ed51702c5b77362c9ff3adb7045abc2932267a44f468bb72087ec6c5d9b58539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b92d21d16dbf3301829fb58609907314

SHA1
da14b07ab0e4acbc3cf80c5a5504656d59f6c42d

SHA256
a60afd8aea35283ff806484f660ff1d4cbb5e1008ff9dbfd54f7c450e16fca18

SHA512
e8c58ec66c238a127a222c69c5cc40c5c13bb6bd01722b38fa01733a8c3bb5ed769f617cbbc398c50cbb9609cc91dd174958f12e531f07ffa8ccb736e0a62b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
96f7b026ac78c72783794ba4d6adc233

SHA1
5152aefde03b0e968dd7736be682719ec95967f0

SHA256
0423ce035ee3141bd892d2fb0c48913e97215ce6178e97ea0ae4a6592390f60a

SHA512
e7fe4447ba4d6259b220203a01ffa69054aa069ebbca7caefd140a02b8d68b409467badda13d9896c51956ce6ee2fce9c33a213e8ff2829c3756bc640c1e825a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
921301ab6559e2db09cb81498df5ce14

SHA1
51b106271726d40c0921ade7f23e7766dfb19cfb

SHA256
dfac0994bb833a3565284fd28aa7184655c2905edb0a253e038823445e506623

SHA512
e6c80380f641b5b6aac0d96a4aba387e6357ff7e50185d6ede1d50f0d72137d5c168d995ab5b35ba0ca12106596f457af2345fc104de5f4d5ee77bfc03950d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0821924f8523dac42702319dbdacb3a4

SHA1
27210df3eb3d5260fc0e40fea6da0467e342fe74

SHA256
86fc1950265814b7ac79cf973430bca74365d81176b9a749398fcc47c717e976

SHA512
1c3aa7cf34b3c39688b048aa9ba06eb004730e8e1e8b532d24b13616108023ae4c561e4c3bd31b74f6b3877d47bd72fad3dff5434ad02a812db538fa8e5016ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc6cae5fb6239521602b77d28a4c084b

SHA1
df2be411c36687189ea4f76ea886bfa5d729c274

SHA256
700531102336febe7fe06c6ca3208a4ac013d5d03da2cd9bdb7738d3f54f2de4

SHA512
7b8a767bdf3d8ef62b4267d32521c4cfb35d9eb723815c423f231f76f7b6f1efc54a4678c35068984ad1aa6a3d8bb7cc52b698a010b8d4a9ce0fcbf21760c4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
78386de8900c28a1a798a4fd3fcfe0e7

SHA1
85c65b054a144d859829330511cac4f2e0346747

SHA256
9913fb18a21b66f7aec8923a1e8de7a53d755b4a33d51f4789cb80e16920fc53

SHA512
16153140436cf8583fcd10275993bcf17aef7015e3dcf8e4f2fd600a2011ce4fac6528f2a73d3e2d362fa5d3c96ac334e36bf41b2226c0477b5006bd2185129b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a1a104021afa9ef5f82c53dfe3fc7c1

SHA1
3f8ddc5fedbccb2dc4a15a944fddd240cfabd153

SHA256
d29d556bc23d342d3d6094fc5f3f7373757c43b58148ca98954e979b6a71d4e0

SHA512
77845aa4e3af578391be7823ffb9bdbea6237d6540137134e4566eb02aa2b4ed4757ff22a33b7008280a17da0241bca83a1f1f66f323a98e2a177c9d46c43fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b007e46df6df85ad9933ef21e7aa9bd4

SHA1
213965b4f2d48a8d058222c87d585638ee8bc446

SHA256
20abedb4a2a029fc21144e6df116ab2f9b4fb697f90334720eedb6247a2a480f

SHA512
0a2c3bd3baabb1f28d227d0ec1cd76093448c45d2f2c341f2bf0ad3d3fe55e00bb64d9bcb1323cca99fcdc460ba2802d38d5e05454510edee225dc8ddc442f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
442f2c947ce518484e00ca6730791080

SHA1
87881ba165445f4664afce5c7976df35ebc7913e

SHA256
d6fbbe49aef511d2695ada82685b7b932f9db281bd87d2675ff9953f0326e7a9

SHA512
f01a5225fb155026046f36add24592edcad3e63db0f19bf7d0cbaf0aed11ec39d55e31bc15b0afbf782dc899c34bbfbdb83da86e4c538f5c4822d152f8f39307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
718cb69e0ad6ff05f0e54b518411d27b

SHA1
a93b4208c20ba6705a3fff2ec15f91d7dab0f69d

SHA256
7974b6e6fcaa1d9ff0d11daea949496128f59738a010edb66704cc37c1cda0cb

SHA512
5443d7c61aa2d06f1be108ad18f8fd432a4161ed5d1e2dd5855b22247bc085c184e08f0df86e48569325fc186daf719eba026fba1b10605bfd78139e9cc6b7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
275da0cc3ec24318450b69c6835bf0da

SHA1
3cb213fd392e09b110455655777c99d18960f9f7

SHA256
20192a75798f14485a965bce5f55489e711aff23714e7da8a85f6e7995d20810

SHA512
bd65a20ebb92407e62f2eaa4e9cad5d9b3de076a57fdcd386ea4d2dfc7e4faf8bba990ab7fb5bf009a0bd8c190f8e6e75e84aa43edfdf2a0fb19702e6f66f618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac46a521bb2ba4bb7a9ed98e1575fbea

SHA1
d53fbc4b7f9aa227972b51e5cae5b5aa0caa4b6d

SHA256
beed048f06b3b759b055a3ca6051e94ee71ac782a01ffa43421f5756ee317d3c

SHA512
e7531f718d78a082b0f20aa14aa6a6eb1f5f9c68a6135d32d098a9228aeb8ed945258263e33935fb842241294b412ecf328c75ed27d696b2b7e14ba27c4c2812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62ec656aecf47671efabadb8a8a34002

SHA1
7d5a2ba00602a6218ca88a822c86adf54168c913

SHA256
961ab7200b3a1851a098f9859036dc1d2edeeec1ec702a79969e6e1893127387

SHA512
1c0dc94c10028dcc208dfcb71bf006a3d3a15126ca585b6f17e2d7b63c2942d3ecdba1bdaf8798fa9cec30532023c7a94cf2d854dec123e636bfed4584e5ba2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f75105ef1c292e8a3ded2c90e5fa670c

SHA1
5c6b5949686fca87f13499b904571ea8a6fdcdb0

SHA256
1989226557b6cf19bbe3d719376b227d86bc07f1b0c34cc6a05dd82310c8ce67

SHA512
6f4272b30f3a320573e0c8c624c836ace5d61a9015039bf3bc9530d6386d76eb718d4a4143454b61196956a0b20bf926f14aff8125decc5c88f71701f40e9762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9e0b80b8db814630683a55def58ba569

SHA1
cc4d92bce9a0b9db25b3394b945f12f737e837b6

SHA256
46704b3e7c19d0594550e953a8950c5acfc2f068cb3a265b7920b819fa671d45

SHA512
bfe0b5b3dc82bb9eb27d729b125a8f5bd7e5ac9aaf4442223a2002feaf003a13e340f0461dabb0272bbe7f7672043d884dfb620a9d16600277c31860758e5016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
27c44b5cb192ecb0459e715769811061

SHA1
2c1436d27bdf6730998c62a5aea27cbb46ae7822

SHA256
ac8cc82f9f610bb59b1740af30a6589327e10d99c722844bb3f0cb93b7a788b4

SHA512
653a2f4383382cdbd161d449c297e94d1e8f0caf6dfcc8d6e2cd47132c84873a4a70165805c4b412dd5e87b4b13bbdd7d7b973b460eca1e283ff949354155136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
abc6892f384b9d6b7225a91822008989

SHA1
c132425dae3f8446c90c1966dc6dda4c9aed735b

SHA256
82022ea4c3de5ccf4255848574fec68f9d2f3fab6a0104847879ef7d370ec1c7

SHA512
f55eec111261aa238c24430e336ff438796b1b73236e7979306e2bd0ed8c2da9763ebf52c6b4b51b891ad467934c9c360a82ad10e9d7e1be186094f70861f668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587337.TMP

Filesize
1KB

MD5
40a1a2ecdf12d17bb57a27a6c9234eda

SHA1
682615d3ec9bdb7f9be14a0ff214d2f8deee2ba8

SHA256
c1aa4ed669429a863c67937e2e4d6930e08f8e84b7d05fbc2a44c98aa37766d4

SHA512
d8d9dbbfe5f7d6e2150059b9fa65599a7d068b8c7411f1b4e1a767e5e66e08f1dfa5ec4d8739c053b687be6d29887706de584a7a0b5ed74c6f7224b2f1b04d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ff37d164d9b414386d85b0316b5cdbc

SHA1
c31ee9f07534afd533f4c147162352ebac46b8bb

SHA256
8f76061d0694c4b5c81d33d14a1ab1bbdada295201bef6ad52d668ef865be25b

SHA512
077c3bb434a2e098475132caca36e1446942da11331e2d777ca5720faca9c1ee9e703f7eb4361432f69bf472b71b3074b8ed84a672e4f61fe17d96166188f92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85dedf44b4261edf45b79a05a97434fc

SHA1
49771c96a349736a3f337f62c81e8fc6bcee77e3

SHA256
891b018384d6c3f2a42959a238999e5a4d1c484c1ff397d09c45802109d03124

SHA512
d9646cb3dc23b691ae8c056a6d2eaa8f69dd0e258f0411e832d152edce3018cda1f8ad95901e89536ccbac9a6c8f5bda1e08089fe470c0d7883d6fd5334a4c3a

Download Submit
memory/4272-350-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-384-0x00000238F1CE0000-0x00000238F1CE1000-memory.dmp

Filesize
4KB

Download
memory/4272-385-0x00000238F1DF0000-0x00000238F1DF1000-memory.dmp

Filesize
4KB

Download
memory/4272-383-0x00000238F1CE0000-0x00000238F1CE1000-memory.dmp

Filesize
4KB

Download
memory/4272-381-0x00000238F1CD0000-0x00000238F1CD1000-memory.dmp

Filesize
4KB

Download
memory/4272-369-0x00000238F1AD0000-0x00000238F1AD1000-memory.dmp

Filesize
4KB

Download
memory/4272-366-0x00000238F1B90000-0x00000238F1B91000-memory.dmp

Filesize
4KB

Download
memory/4272-363-0x00000238F1BA0000-0x00000238F1BA1000-memory.dmp

Filesize
4KB

Download
memory/4272-361-0x00000238F1B90000-0x00000238F1B91000-memory.dmp

Filesize
4KB

Download
memory/4272-360-0x00000238F1BA0000-0x00000238F1BA1000-memory.dmp

Filesize
4KB

Download
memory/4272-359-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-358-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-357-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-356-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-355-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-354-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-353-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-352-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-351-0x00000238F1F80000-0x00000238F1F81000-memory.dmp

Filesize
4KB

Download
memory/4272-349-0x00000238F1F50000-0x00000238F1F51000-memory.dmp

Filesize
4KB

Download
memory/4272-333-0x00000238E9960000-0x00000238E9970000-memory.dmp

Filesize
64KB

Download
memory/4272-317-0x00000238E9860000-0x00000238E9870000-memory.dmp

Filesize
64KB

Download