hxxps://sede[.]gobiernodecanarias[.]org/sede/area_personal/buzon_notificaciones

Analysis

max time kernel
290s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sede.gobiernodecanarias.org/sede/area_personal/buzon_notificaciones

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

121 https://www.ameli.fr/assure/remboursements/etre-bien-rembourse/carte-vitale

flow	ioc
121	https://www.ameli.fr/assure/remboursements/etre-bien-rembourse/carte-vitale

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{20AAB6B2-1D7D-4FAB-BCDD-C1590AE3F1F6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid process

5112 msedge.exe
5112 msedge.exe
1704 msedge.exe
1704 msedge.exe
4512 identity_helper.exe
4512 identity_helper.exe
5956 msedge.exe
5956 msedge.exe
3648 msedge.exe
3648 msedge.exe
3648 msedge.exe
3648 msedge.exe

pid	process
5112	msedge.exe
5112	msedge.exe
1704	msedge.exe
1704	msedge.exe
4512	identity_helper.exe
4512	identity_helper.exe
5956	msedge.exe
5956	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5536 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5536 AUDIODG.EXE

description	pid	process
Token: 33	5536	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5536	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1704 wrote to memory of 4432	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 4432	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5020	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5112	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 5112	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe
PID 1704 wrote to memory of 1812	1704	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sede.gobiernodecanarias.org/sede/area_personal/buzon_notificaciones
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5944 /prefetch:8
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
2⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
2⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
2⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
2⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5452 /prefetch:8
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3716 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2314291723047047197,17733683061623457125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
2⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58f7e897-5ca8-4611-b189-68086abe99d3.tmp
Filesize
2KB

MD5
eeee1e65bc1d55698a5d5fa8747aeb93

SHA1
da028c4ca602fa126c4a36482cf43c7354d5501b

SHA256
4b85449b9d11b9d55f4c37e7d0f8f7c82bbbe50b15ddbd3cf3da26592148e8bf

SHA512
bf28f4601521e3382d372ef0ee64f829a0a0a44faa16c124a2147aa29c8015230e81877fed7aede9f6d40f0a461231a37b70856d7fe79bfefe9f9d09203fc246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
17KB

MD5
0eb2341aa262ddf3f3459cd6e4f384ed

SHA1
79711eadcb3f991a54c14a79988f565e965fe9ce

SHA256
46ef9b89cfeb4313ff9104fa92e5d5c89cf817d7c5f18cc438600b17dca6397d

SHA512
9f3f593e181345fb754528ffc8e3dc465bf47db81d6b9e4c03aac59864916f34ea7885bcdd7694cdcecef67eeb09e73cc734482f3f166cf13ad3968a9aaa7d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
489KB

MD5
ff46e081ffd190a63327d2cec37b83f4

SHA1
1c04c01fe062580f493fa643fcfb7ce5aae86042

SHA256
310ce2e8e4ee6da78907c03ef81caf9fcd4824eb9a639a177896d4c8b98a0f5c

SHA512
3842d827a9bfa0ce5dd907dda7c796a4ec280d889dd63e3b7c06ba985f5094967cda7fd872274d698cb237f67ddf9847ff0be62ffcb7698bba2b49becb9ace35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
08ea61fcf450281f70eef37fca8313cc

SHA1
c5150530c6dfea06762e4cec4a0dc8831f01590b

SHA256
48210a52eb840283afb5cb1f59bbd66803eac6840ad40caaf81ef4997d42e7db

SHA512
242d04933292840d47f487ad3bc02ba0991f39198842b5ccf801e117d317172976e60949aa8902d12c645a8bff508386428f227ecc79eb353a4beb7e1516a242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
19a56643cff74d37908a365f49ea9068

SHA1
785ebfc54dd0292dea1a2b05dba59152a9ffface

SHA256
4e743aa918d9a3c93dbd2f1663eb778afceddac98f3556924d4869cab3b41dbd

SHA512
cd70111a19b2c3f157b5012c6d4fdf3d083d55303988523f38ea4d9a7ab37c172d17745f82bd7a3e6e232583a0785be0cd7e0f74198f83b1da30de4d79141379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
14a6f68b627e1d2b230dae620fd07b14

SHA1
326a19e2f722a44f452b3cfe912c5abbd260688f

SHA256
4e62bb4422fe39dc85a41890a3521183bd05c67a1fca6d97ea379a23a04e3dbd

SHA512
f4577b57db6c61f6089345cbba449f6e217a432d119561718639879d69ab45b8121173f9746e3d923da78bf598787000206abf0dafeedcd48d33e98c1efa3df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
3f812b4a1c46bcc821f1f952513ab696

SHA1
309d0fdc31691e179f255f824454d1e54246a80a

SHA256
6af3bc2822ba8706ea3e7e786757ea9bfd3bf2a859144fde1c896190144b2870

SHA512
0a0ad329098af58167939876f0e22ef996908d5c937d2264f82abcb50eb20d8fe94aae3facbd81c2d2d03db5834df5e598cdccea268751cb89756a8d6d9af989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
860f4f0b99bd6c8f2b8719d510f297be

SHA1
6987c37b7e75ac558267d0747bc5725231650a47

SHA256
3ddc21f901e5bce0af18658ecf1017bd2f9e94322e2a417355952668a3e77428

SHA512
05595fdc6bf303a98ebb2869cb227dcd82c59d6dd7c2ef95df314393081eb7f021662a0369854ec64c8ba674b2e51b6e22c39a0bc5403d19f17e6c35c4d54034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
afd75eef12c80c9b9f04522a5edb4d5b

SHA1
41bd1fc30295f9879524c7f38a27b583e08e3ea1

SHA256
4306cf296bf557781eead2a9840262d1ddd441637b2bd4bc0564ffd5ebe31fbf

SHA512
3526061e70f5d45bc43435181dc92b39789e12868bffdc8e144e3f21db93b21721e56b1606fa2b280af59b27079ac79c5aea83e1bbaaa6fa6f8499a0ad15e1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0daf6cceef5bfd82c8de91b0c0f612a9

SHA1
44e2445b1b24d6438bc3abfdf6eb445c6958f608

SHA256
a68a853510580864d1094e3f081dc6e1b8505b23f9de8218c9ce97f3bc937be1

SHA512
7220ba29f400e34ff13511cefcbd981beb85cbbf5ae52e8bbeaf1bd43042a131b5e9868b39a457e87fea23a4c1b4e5fe2cf8f273898e4e739fc1bea1e943ed32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
de34a594534b6f53288936d4620f466b

SHA1
6c88313c927407e48011430e6dd6c2f71041a0fe

SHA256
2482f6edb9947f99a64f4760b2cf38fffae118a4f07f2272dd040ced103d10da

SHA512
8ea32880329043d121b7f7d1854ba5a49e28c35f0024084b96926e46b8a38a6d836593f046b07a94d0e300cac53807b685371360423a318f71ed6c008da1df45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4675ef11471de0ebc499501de18e0cfb

SHA1
17ada6d177802aab8ef96cb8dfbbd95487a05e7a

SHA256
ea6eeca7c4034cb1975bf5b6b58e87c2abdbdfca6566ac9dd586c41259b55ba0

SHA512
eb7882ec49e8bfbe878e99370d2c750e7d794d7cefebaec6478c47f897e206f92b58ae3decf278709462ceda7dd041385b539cd2f31a8944ffff83190e73de83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
eb5dbc6389ffa96f5a419fd77c9715b7

SHA1
b4f54f6895e6dc94b4265565c648c8df5eb6e6ad

SHA256
b5656e65244522fd442cab5890bcdbbc622eca67c9b4a6cc9af2f7b0e8ef15b0

SHA512
00e6ebfa17586b1dd948b80070137e893d9a6dfeb06371d74a6faa16d06b0d1a850aa5f90515589f4f64d6f6cc2cf2643a00f10bbb98315af029a379c6e606d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9349339aacdd87e8261188aa3b029062

SHA1
a958284639e726f3a6ac9be8cdb3e8af3082840e

SHA256
84ac0967e4c6ced6b16016cf17e9a24171d476ac61879edba97a7faf11c13c25

SHA512
e723b66026800300c81d8cbccc0f0c2c42f9e60227669aa70dee8aaf826131c9328c6a30df9b19b83ace183b5341c27659f3af331445cf1d15d24558b4dea92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5eee133c828ad907d5ed63a05e7b14c5

SHA1
ae10d2c9fb021fa5b7640c57c625412a9d986630

SHA256
c81519380ed1e5ea52a5fbf4af2efb52663969efc1f37ad893b8d8461167a69d

SHA512
79d6d1bb60ee0461b1c551267ea6b40d401f724eac1698e541cd93d41037687376a352bd9c735d96fddd7993f2bc97862f7c0e9b2a82d3c540d39d4cc0f9c3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3b033d764480f93952133b5d48cd49ee

SHA1
e84803075f4909d0480e080f02dcff69937032e9

SHA256
a10071dfecf4d9a12c17cad88dd2a58215b822c1d6e9690c9a69128d8a1ae7c2

SHA512
ee79f278a2288c4366106ce88aa92e6060520def34bc65513bf1fe7df391ada979db8df801d95f42e1fbb55185a8262a00531f9a3626f3983294bd8b5f995c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
42ce22aa80cb4d9b418a084ec7ed0bab

SHA1
c51b0e5a75a6f8a589afd4ebb26045f48a1ee26b

SHA256
eb21c801a0b5277e9e71a82050e92def4c97e77f1c21073f85157df93ae58ad2

SHA512
7cff5406d8fc51e18f5c6fe86f4ae8460f708338481fa9ab1004c20083ef733a1f65eb4315c7c75c5d84e23c3ce475faaa14d218813da9b01b7cecd2aab7378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5d927a2a332b51c85be09f848ec9f99a

SHA1
d0edee46dba3c380a5f2c9e7d9d4debc0677079f

SHA256
d2735f6d095e843f35ed0ec2ea5d0473e94e58a60b7909580232b45ae961604c

SHA512
c4231a587fad66847f90e9a86c17795cec71216e5481fb4eb307bad3dcae92df163a23b235d7b48d6f5e62158acfd1b1792c618d1c671ec3e9422c838890745f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
af6eca0695687c2e8733c733dcf3c7fd

SHA1
49cc9c6bcb75c3bf70ea7c828d1de0c88f8a85b4

SHA256
500d8a3388a2e20bbf7c2ab62f85eba97bde561ca89154a65416e0c5921341b0

SHA512
adda60d9276c7fe60d46d173ef08534474cd6eb8e929cb9bed3f20eafc7752cd60c8728a4db4957bc3a2d959bd1f0260899a317ca3355689e637659e208b4402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
be3b902d542f2e2f423517ec242e13c6

SHA1
cb020c328083eaab66f74e6b4cf762b45401abc3

SHA256
3acc3af25a1507de4a1c3bd16ede12f89024479a41d4bc2a80016a862dcd2047

SHA512
9d4d40ef0c29c1d15973a1442d5b442d4c126b03ea35d0f14dfa8cfca8837661153fd3ccef6535e35f3fd4728aa7ab07a6cc2845245db1008394125cde42bcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
3b211fe84d9cf61d0fd3b24c72221616

SHA1
d8ae0e5810f718afa407d10ba9ad7f61b1ee20ea

SHA256
30dacdc5d8f75413a068c8474ea38b020510f95e93eca480e8d47a9c83b534ec

SHA512
1fa33d77274a5089e4fb586c798582ae371e8a77c0a625714d716a27179e6fad9f1ad67a0bfc33e57fc985cd7c34aa0001c79e8c98d5470c7689b0ad884b0eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
83b928c8547f8efaa0a6cfdf1e906e01

SHA1
1aeb55977f32d5ccb4d40691efe54929ce9faf69

SHA256
34954ff20beab6780305090a897f9ae47b62c958cceb959da3cd300221da75e8

SHA512
767f887455c35939b2ce75da10a0b72369f22f73525042a7e0cdf61de6716032208127006cb084f9ddf09f68d53197e15e1528c0364800d8b7897fc51cc20031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
adc7f06f658d0bf1b505056fd83a5213

SHA1
64e002dcab60ed94f43952f4865262898ed8a587

SHA256
ff348ee77da5b8e22619ce0c06bfe64c72a1afe78921ab1eefe5ba6b014f6ce3

SHA512
e78485fdc0221444da4d9f001df3850c705c3c458f7aa437aeaea150ce4af88a29a49ff5fce0ce71eef9e1c20a4a305d472896aa959c36c67adbddf95a9a02dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
a03c1f53eaa9a2659910929feb5a4aa8

SHA1
35197798a4335486aca1d744bc9414c4ac95c00e

SHA256
231031c79ee0cca5b0e262669dc2c79a2e3d3fcd014e9cb2f2332f59e65ac4f6

SHA512
889dc8e785381ee4b7dc344a833263ed75086b577d41cea8c556a67f965279cdb8927e9bc6b3af0516f37fe7cfeaff8449ae45b90002cbe198c0054a4aa19ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
791316404314ab00842a04ac564706bb

SHA1
66f1a70837cd83283377cc0a316a5b2a8673d9c4

SHA256
c1b14b9313a8759212aff965642537217a2ae9c0c1e9628b0afbdd17929d259a

SHA512
0e4b347733f11d4727dbb833b79b70ec86e47e4a693f9eded35b5e16cf5fcc43046e7e13c73ca20bb7157b72f6529b72161f3de855f7328f50da0551eb4d125a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
29e6d1f937bc677c9cd6a1929bc2b1fe

SHA1
7015fe8bc74e7f9b168084f8dff1e8ef2a56346f

SHA256
a3d2637c9dd19d9ea567843fe246958b7b68a59d03e8d66be902a14cc334bcfa

SHA512
36baac331a19ade91decb62e38c6ded1b9e5e426a5825c0a3950b40cf771ee323fba7479f8f61b3c5b38463f2a52125ebdd704505bf4ca0d43686f51a57fdb81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
d6bb673792591676bb5e7ef30ec4aaea

SHA1
0b83f1f770e2fe9df89bb570f448ad6d0a7c1025

SHA256
782089671d1d0f4394478af3c8468550b1fbe8f0f8eec60beac3510fb0bc1c7d

SHA512
5079e84f62b806c6dc2a19ac1409c20817e0711d9e237f583b4f1c429fe6bc91ae732045484df3153cee588e891ce14fd597262b8ec9cc159dd55826924954ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
9ae765b8dc348bdb00173db67c2c6770

SHA1
1b6f86605ab6fbf4f2845d7ffe2c38d267c90d36

SHA256
84be56151fdc2cf350eadd53ae496ce33bc12e3b8706b977a2304a524437da16

SHA512
f93c089712724f20553e7c3a85081b9d3f9f3c7789b3c00068a9b9908eae95092829cd77176dee1cc5131af806e0d204a1501e0d36416dfcc10a2faf1b459c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
dcbb48fef25003cc56215ea1b5fadbdb

SHA1
27975ad91ea1cb4853f63a95634622b28c7f52e0

SHA256
2a17e74b481d92a7e232333977c9b725be38196310ef57f0421fe06fde1b1631

SHA512
8a3ec50c87618359aa64b861730731398699b2e7ef3a7d06c0af3f49a1ec37afa25383b26e0b271808198ede5f4513a2d513835ee453b928449db0ca22962362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
54bc2ea887e150046efb5894c75d07d2

SHA1
58327d3d33aae632eef2ba916665e30eb047b2af

SHA256
c82797f31c6395714334adc737eca69935566657a109e334f7bc945ea12efbde

SHA512
0fa173c8379b5c60712ae0f04789a10a08fc868343c6b224d1c712464f0420af93ac12da6cf157fab9a82c2d5b5a996c8b540f049e2995c8c4564b93124cbda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
75160b40da86888f4b89c26c6ce7af2e

SHA1
57c9ab76ae669a86f51488c1c0096ddbf725f51e

SHA256
9071945692bc854bd0ef41c205de78332beac66de72a3a7a6ecafbb43eebbae8

SHA512
344ea85051cdcd72305f783026c7eeaa6c7e236a4f356e49bf872889828388ba6941e19e63466d693759356830e0a60fbf0c588e6a4c4676503bf30742691f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4be4d99fc2827f001c458083db1202b3

SHA1
315ab014e13080cb1cc51ac10593e173fa46d86f

SHA256
cab4a751d8d62c57cb7e4ffefcacbcb166efa7e89d458d365079b5ce5e9bb545

SHA512
05fd57d14ecff77402bc2a1f72f40b20c2bb8506783a68f1f7aea3504952c0304a19fabb881f594ad3a85c53c227ff4880a22ab668b93f0eab9f9a50aab110c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
596ad55546c2f7b6cbef483d57597612

SHA1
3e2e04b29042a44154999d4786a16200d5791b7a

SHA256
46d78acef140ccafc096eda13b9dc262077d5983387132fd647a23cd9c18f9a1

SHA512
2706f962cecc3b79473a24b4313d374b3eab6bca7dcfe24359247639f8a3941a5857b1034adc99228e3859bf5e57b74caf2906da64003d82967448b1a206b3c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6dc.TMP
Filesize
370B

MD5
1623f83e6e76897aa0ad9420f16efc7a

SHA1
33ef6d78dc7559a2713b3ad95b90f3773adb5e6c

SHA256
6a274b4a53d1d1d1f1e2aaba3a0e66b88e96c46e6cecafff23fd979d38b89266

SHA512
1d336bc9f11d9dc0fb745d949c7148a1e5301d13ac79109cbd058262afb75bfdc3d0a13a32a83dc1a4a3a7b8ac0343fc7ceae6754bd0a5c556fef55a15291d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3e138752cac3799ca537a42411ebfd1c

SHA1
24886ce04dadf796b9ccb8970d10b900ab26b7b3

SHA256
045be69431f33cbbab3afbb3a1b855088e5cb1b07fff27e51a18ff850061be09

SHA512
9de3fce6a49992386a135b4a13d58376a5e2c3cb02f0ab289393f0df7a4ddef4965fd34986d3783b6ee464d9dbc80ff4a24e8b0e452c9dc79d815cff3fd46a95

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1704_SBCYKSFGZQZIHGCC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit