hxxp://atlassian[.]net

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://atlassian.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4732	msedge.exe
4732	msedge.exe
1976	msedge.exe
1976	msedge.exe
2468	identity_helper.exe
2468	identity_helper.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe
2384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3228	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4872	1976	msedge.exe	68
PID 1976 wrote to memory of 4872	1976	msedge.exe	68
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 1092	1976	msedge.exe	89
PID 1976 wrote to memory of 4732	1976	msedge.exe	88
PID 1976 wrote to memory of 4732	1976	msedge.exe	88
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87
PID 1976 wrote to memory of 2920	1976	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://atlassian.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffce9c946f8,0x7ffce9c94708,0x7ffce9c94718
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8353291790061758720,9735611148901596341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
176KB

MD5
5d7b32accf1fe54605e5bea9c387deab

SHA1
b2c9739fa5029196e475858f80a8ccfdea668d17

SHA256
afdd8c89bcafad49da799338cdb1e2d80584a6322e08800908d988796ec9d0aa

SHA512
229d14d2ce19b0067473ac42986e19970b149ddeb36fc36364cb8606d064cae0de02f61cf3c4c37c8c8fde521de81cf4d274694efa53ca9fb243947a5dc6aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
46f85e701417e746c8d4d45e14427fef

SHA1
e3b874332f5fc13f7a104f7f178cd14cf6663330

SHA256
5fe4570340b2c220e0d58728e98a754cc03c7c15606085cfbce0a42c2f342eb7

SHA512
cf8c099af6e48659de763f9f55cb5b657b5cfc3c1bcde0c806b6c3054330ee15c7186fe1b3bd14b98779ad97c6b4a3930770af5405a773915736fe99c7fe20d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
17KB

MD5
4bc6d48e79894f1f2f3e9682bb127c8a

SHA1
b112d98fd3fcbf871594358402eda239fd356a26

SHA256
5a9a50db593c5d5a6ae168e4d4fb9165e60bd72471a0267d50f0957493070e8e

SHA512
beeeffe73bb9e63c6f5fc290592fc8733431a090d9fbe2514e1308d76ba58171682faeedaa2258aedc3d233ecd4197edcfb2c2b76285e13d7bc5ad3d12c3ae74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
23KB

MD5
8111ff966edec3ac4a185872c2b7dcbe

SHA1
02a3a63996f14e029439086c232fd0a67e24a09c

SHA256
6aedb4733cdf97cce54c4e2ac9b66ffdbade3b7def67c8dba0c71d106b17ba44

SHA512
b38a86426eb5f469a87a1276235ebc208bc7a94f54ce9aedea49e2a99b004f979fa525dff709a51fc796385624fbe3c1cbab14032b31b29bdded6e16d3e3cc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
803KB

MD5
b38b6576ee004fe3a774db6232794a2c

SHA1
3ea21ba2f8fe6e3701ce703e9b25d3d8ec9f96bf

SHA256
c3dee0e71f4bc0739e2b6c24ec792b6e5c3dd3536479852a855db89e9f260f50

SHA512
866f816481adf8c1d771a9e7db3b57786273c4f603fd183dea88bec176ded0d60a180bdbb83d5bb25bac316a93efd7680cfca592eadab9a4fc551837b531749c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
18KB

MD5
b7309ec2fae406a2bb5eebd0373c1718

SHA1
de82e559e8e3d9da62438a6475567d10bd3c0fe6

SHA256
10c000af14a4e3f8b68890752b2d032dde8c2ee8c8377650f6af19630eee92ae

SHA512
71f2c7ebb6d2013aa3cc2d04f1c8438d4fe54f44135a4a6bf8c4607fe753ba71825ce3301afc3180f70f98641e83543ebf62d48127998ec3a3713805b28d9802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
50KB

MD5
c6324f37fba1ea1428b5f1b74d2fb2f2

SHA1
5d2aaf095b8914e3c665bd95a1699151e10c491f

SHA256
4393d91dac2c6aed5f802a15a7d816c5223bdbcd4b830dd9f3f40aa7bf7346d5

SHA512
0dcec146c2cec094150a160f1ee6f503a87e1beacf2a60c1e6b71755c86abba6effd48aded00dee7d54eb082802a7f792d658946ffa6704f8ec403ff364eb7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
37KB

MD5
69e08ca7d85b99e4c3b8145f98d519bf

SHA1
7c0d4e15c628a0ec3f35730f065b104004e7e64a

SHA256
35e74ece17083998ef069f1ae5f67bf6d0e9abeaee91bff43f04fbc8a2d28275

SHA512
cae8b0c703395a237eda4c15211e571011087167256beeda9965a70908570b1832697113e54db2ccf6f9c59b107805b56681cd987d570c03b6ef8e435dcd8d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
33KB

MD5
c6908a7d4fee50bc839f17dd498e4c1a

SHA1
fe150da1f6c32abaa979aacd5c24594cf80ebf32

SHA256
3092ca1253d11ba3b14d35c86dc7eda3c5f396f1b5e691a5ec1d0f61c2db3dfe

SHA512
15901508554ff725e2c8b9c1f64c7f3cf5810801af71dde512928ce2657ad4670ed80eb704ac69b401f47a799f9884d0042e66bf00e01c17eb403a5a0108de58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
111KB

MD5
7541d474e4bc0fafb41589b45cc8f9f3

SHA1
acd48fce4a5b129b91c7bf62d01a91a1122492af

SHA256
0d9a0fb79908b2ea0d2258b4140a710535bd96420754b6b2ad30e507f7e8082c

SHA512
42d3acc925377ad56055147adbeec55c4020d5f5deaae00bc4f1b3953e8d2673cde91b030d7d68b48fc74dabb483de0771be7c0db63def27b6407a2e894ae03c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
71KB

MD5
f08a8db07b7626ee600705e4c229f14e

SHA1
8ea6a2492df51d04a545fcc812cb82b6db374df7

SHA256
2ec75b978f5f69f14b07ae2b99f714dab67615f26e3317eae789ac62e3e94ab9

SHA512
a8ce9f086c1ce2ea1b1cc53ac48ebdf55b1931ad1c3f6f356576feaee824ca1cb4283dda8476d2a3be221ad9b529b080ff3ef19702307c5e2548fbb1ec9c3f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
55KB

MD5
e7dbce02ad6599084fe266d48294854e

SHA1
5c755ea9e27dac93e3c5b7ad501571c186631e8d

SHA256
09e88b8252b268138adf8c7a0123d44608f31164e3e18af63f17adcac21fc6a3

SHA512
a0abe0aec37a3ac26b09d43f6785016e0021c2b02083e8071aa4f130b7f8e17ff03feea9af7667d0251eaf54fffab794712d0a2148d88ba9e9f41d9213d5374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
16KB

MD5
28a57accf1fceed0fad3fba3f34d2b77

SHA1
3c911b656eb8f29926b7d953db3a913d7557ead7

SHA256
6266c913df95dd7ffda68b245f474f4bfabd72f4f81604374338ed87bd476c65

SHA512
d8bc5199b0932dee588c8456610a932fd7d23597200eebe0ce116afac5fa5ee4a63d7afd9a2753c3ded6d467636b56d739e73ade8c28c826f3e516761781bd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
22KB

MD5
390a9c7bbdebe59faaad794411867656

SHA1
1d0c3b39e9df3d34c2782dcfefb38905640c9208

SHA256
bb1ae682472ddc898125d711a47603ab08e29f9b3b0acbbfd5078fad4559500c

SHA512
591e6cde798f28a288b4272720968566050c6c73b5de7499c67444b0073ded66c309a603025c33821a5bc33f456d0fee42d049615346aab1aad3b7b9a782eec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
98KB

MD5
2869d810394b0fd33bf7659d238eb9c2

SHA1
bcc50bc1c75d2efdc05318e763b386fa664b3d28

SHA256
6d1f98a6665f6f38b4d91b2879c4b429fc4ebed4a979644c5e5b23aa56d852e7

SHA512
06301f34772217a627976f22ce1f5d5e38b47f1d7c49cb3d2e80855c84f1e9bb0cb25cb228033a30f65dbc85609cf111beb74552606bf3220789da6f955f7645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
44KB

MD5
7ff80b2b91408b55c7450f3cf70e3e12

SHA1
7a6ca3e804ea28e7db76f08bdbab1b1027895fe7

SHA256
686aa543ac93b6a57efe2a09a917a4ffee664fb4d3ec36ff65ac2f6d11f9a4ef

SHA512
93aafdd90424d678a073391d56e2e084e9a0a223d8d6024d15a57c515e2d69dfe41a5c20017b7b9677d5e456599840b53df15b8a43bd6a34636b06485afc453e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d239e9c5c16d893_0

Filesize
28KB

MD5
c5b310c39800a5ba2f59bbd649fcf618

SHA1
1b40c4f98d704e286ecf3e1a395bcfd116323816

SHA256
c3a9cb5c3aff2c561160c16bdd427c2291a65f58d23b992162f01ed338121d98

SHA512
01cb044aab69b8c389d5833c1c6f047ee969d15b5f3c16b00211a334558a97bfa09d825baedfae494b419fb9d0ed865a683743d66fc381fbb51914ecc787cfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95923f8f3ff2ebb2_0

Filesize
11KB

MD5
3a2de4363aa0f99fa79ac97c132f9704

SHA1
4abded9eef9a70c413a9e38262780d50b0207ee2

SHA256
6d2805bc44ec961f6cf7cbfd8fbb69cf5761804b5bdc041ac6eb5ba593f56283

SHA512
21f3a83984b992437de2fc97ec5f5d1b2b33816046426c8972b344e1f69ebd10fda6513634173ceb840c93898cca9e1c14467bbe2c1083fb81009d0aed0667cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0ab3d48e6fe91dfb7c496b2e9e165328

SHA1
4be1a575621cdbe2060436bedc99727d453d0e7a

SHA256
dc5763ddb3a48b5b122dd57e93d7ab615898fe3677086984595aa31b746deb42

SHA512
313ce034a6d3a2e2360ed854bf58c544a193263a3b8c2af7d3a7b115580d0b543edd246911b723dfd5dd5d3b1cfc1a4267de1a6ac12d5bf4d758c509a073296f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6b0cf6d75eb6ea528391eaee124fdce7

SHA1
c7f3ecf1cfa5199553c0bdb343198db115ec4e53

SHA256
38ede4d9847e9204a6b674c707b3babaef349371054615913ab069897bfa357e

SHA512
d0bcf75d84bb5dfed0db819e197814054ff7dc57c3f6d5093c0a6e52d93654515b71c63292b5645f6021f9927dfb0190069755f5812c88bd957b8339bed8c554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0bb86ccdb3bd3e468ac4fcff67079ea5

SHA1
2593fde6f4a13aba46367ab3664ad57c3bb0d848

SHA256
6d6d4f3f682710723251d5e34a3c41a920fa7bae567c4a94b173db98e6cb3c90

SHA512
926c302a0c3a975804b2fe0987da2ea7478587d4bbe271742b1ddb93e557bee161e31a7688110feee68dee05baeb2df8b0884f22df72d53340253bfcbf8a1142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d0057afe13457bd790a3eeceaafc5bc

SHA1
e71d4a923194585fa08dd4baaff56f08fc0d056d

SHA256
ec93558d7786b795f172f49fa1bcc835672d70e920fa4368daeb2ab1b66d327c

SHA512
64d1800a18cbb2ce7f7dae2e6a4b79b5fe2f119a056636966bb865edfad7a42520faf4972a17da53d4b3e2cbc3b756b5e540788795ccab281859c1526937f405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2785cc596ce41f5f87d0381c297bdd32

SHA1
b272ff86c4c7c90fd79fed40e5a924767035694e

SHA256
4327e87f0cc62807049562647bc5d727f17e0954dc6d0fd3c58e428627ea7ba4

SHA512
cc2afad8c1eb70fbfa78d68eb079b0c9ab8b90506cf7540052f7a1855d05cdbfab6e3610f6858138d0de491e0d81f24717ad8cb32d3c518b3a999cf92a3e7d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e1c2b35e71c1b05196790941d4abeb75

SHA1
6a30e6528f8751748a7c702b4d280e2a494c37e4

SHA256
73925b4047f152d7fe84df9727ef2a00a32f86fa9ada5d9d0b1bec7fbd4fb093

SHA512
02f40b74f161699173361fbe7c28c2a3b4fd7c5f7012ea79ef33a5884416e703791cbfa2d213510803eb07f50731c0dfdb3b0958368333bdeba9f6b7605d4dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
428b7239d0a6e0e7cf1eec7de59a484a

SHA1
1157e5acfafdfcc931a9b4f3208d230aeef7b08a

SHA256
6e9fff674b08051277ca3f106f00f1b89a3c25311a904661e6b7ce735d50700e

SHA512
b99065588255577b1593246cded8f81c16de6376f59f431e37f12c2721e52731f2f9f1b863607c2713136f76dbd2ca8e35688da23223112046895dadccd312de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c6f842eaf9ae84257edd283645c2749f

SHA1
9f90d6939f07146802ea6ee9b6408a0073b0665b

SHA256
2716a03433f1cf8a294ead1508aba61956e4e9e1d2bb6b4edff016e87a4f3972

SHA512
a5ee36e3f038ce4aabf876aa36d5a1c2b7cec6c6bc189ad184de7fbd1409c066dc9953fb26798006601e9b3cf36252800f68ed18837404a3b128e5c99ab25730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4926b6e8c8909f1584743f655ffd77ed

SHA1
f1c07d2c1322112ec59682d45d8d01e89a7efcae

SHA256
efac2fca755a8768b1403f4cd80fed893e1e4f825b99d27c31bddf13ff7f94cf

SHA512
8580210f4f1caf42de1add24cd2951200f8d118862b9f93584b0451e6ea49db19bd4ffb73ce0a10d7bcbde393ac771456d37f22443db286d48bafa9b4f7bbc6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\1bfd852e-7b89-458c-9fcd-8d4007dd513a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\1bfd852e-7b89-458c-9fcd-8d4007dd513a\index-dir\the-real-index

Filesize
48B

MD5
71b5ca16a1a8a24345b8662f1e8ae320

SHA1
22f60fcbe81bec90b89f1da0ee9ef45a1c6bbc67

SHA256
1701e25cab919b9b0b0827ef479a515b3c454d546e192a350751e89b6c463c5b

SHA512
03cd062115199771431343c56118f42ef3470922c7391389fe985191b129d42c8352fef6319325a01d0d191a9420e4875f34ecc8454d57f3c45b9b7e891220a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\9f02ac56-9be0-449e-b2ae-8459108cd1db\index-dir\the-real-index

Filesize
48B

MD5
4dc57af41e35813b9dfc919d1c11396c

SHA1
7446742bffe25bbc04678be6c6cf64fee5baec4a

SHA256
f2103ffaaf78f842d0f22ad42fea76911c4f57ad19a2cb0aa64b45aecba44af9

SHA512
af7a64167f2e1c4540931caf5efe7b3ef2007006434b61e37d0e893b48e39c6d6958dc2fc5722795a82394e08ae6b9b90d4472ab5d946d5065c00a5eb54f75e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\index.txt

Filesize
160B

MD5
56f79d7289e4296cb437784eb575943c

SHA1
651768b7c905013768560a99b0f725d686abf680

SHA256
663f8f2e1546cb4817961d3bfc0053ed2851f21115f03a85d1e69ea748ecc47b

SHA512
cdf955391a68b4974829da920204303d2523f12a9b2159a8c5cc049c74095db71aa14ca2a7d0c16395a391d68f75e6a7e365b23168dc29b69c0800461558a966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\index.txt

Filesize
153B

MD5
8ee181e9b7f6d308779e768e36682b8a

SHA1
f0ac22908a95721e089bc07f2a29a093a9c52125

SHA256
a256a218dbdfa868002c2b99f67481b846f8e6800aee5329669941861d6a9cc0

SHA512
3fc5362218bc9e94cf45cbfa59dee023d98e4d52165ef9ace7d166d8a2cc975b1c2ea23317ef7691ff497d6e2a5e5e7b3206971f6ba98a570a5a1fc0d968d015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\274d1d1f915fafc8567179954271fe742319fe99\index.txt~RFe574640.TMP

Filesize
94B

MD5
30c9ff671d69417a48153d91c8ead453

SHA1
bada5d8d079ffd98eaf901730077829c6f2f1630

SHA256
ec5e7f721857d25eb326694ec1e3ff1f54b7d08d6caee4a5fe31c40c9f05efbb

SHA512
1fbe5408e5ce73d209f64120638650983a851e5eec391e3a5985edf98b7eb7283b9f1a7c87b923a2eca7bd7905c18fec4d4f696a02a4dd5f2f883277c64c9d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f03da02d2a496fc6aa3215012c7bd04c

SHA1
b17e71e0f07580eef7319a911730042cd79692e8

SHA256
6aef771e0530f03b5f194b3333ba0d14d4cc91351d14d2ba60fe270fde918a76

SHA512
651e1cecb02bb06acd14288399de96a90e8e0dcc8b666a59ebc70f3225669ec88b23144a78eb20cbbcac037457f94bd5edef6f3202c245b92ba2191801480f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
efdd9c38494931489e986092df424d16

SHA1
a8212b5192df7c0e08bab926b3fdec3daa5e0675

SHA256
8443392e7e210aee5a00f3717e9db1df8ad2136329c7e5308feab6776557f297

SHA512
8e05acb0c605f30e98ce302bc02f442449418ec323b4bd4fd9dbaddfb7d7d52f640c772807178fcdde9d99a2a4e14e604efc8224a5e79b769289188d29e8a6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4620e141766c650a4ab1f25c79683d51

SHA1
33a5d133836548ba227dcf54b19f60c20f8fa79c

SHA256
f7398d4d3c98863a183115b51206cbdbcdf7ef2c9795be35085a7ae34d354333

SHA512
23bc743760c6496f0212a20464b45d85cc02ece94b6b9e79be7a93cad0ac5dce62c5230d2f3e7a01a2b8bce7394eb31dcbd0a8c8d1ab0839efc881316eb0bbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d4a25537784ab8e14b8094b107279b7d

SHA1
e4dba34510628e9723bf45087cca176e51b04938

SHA256
66ba062219eaeeabb1c9d34607cc68c06353ac66d107982a8c6d3d84f4208ccf

SHA512
62b61aacbcecf03fe632409d6e8c84efb67684eaa188dc9a0e69bbdf25773203d3926c4208e8f654bb9c3ff0e64d195265a1e2d8e758e9bc546b83106866ffde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b1420d442d6a4b29a89a7051b8ffa61c

SHA1
0dc42be0ecad1754b27d24d94641645d7f7eac05

SHA256
400e92486c7d2a574fb36988d0ccfc29a1f8ab34fd8074dea2a0f40545e6261b

SHA512
1fd7a812c5900a7b096105f265f1d2e7f0f76ee169977e3fb4eca88ed51b16358128b655e198c7f090b1dc95ffd7eb04b57363f5eb927557be82c91bd67037b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
72d6003d0090c24b3e9812c4f2a98b36

SHA1
349bea987f0cc4293987f15d02ac14da17b90480

SHA256
dde5cc57bfb991c2bbc309493215bcf1d251e714945c5f7790ce527bdd1b6598

SHA512
22b02503c46e816a634193a5b19641724376f1cd723a5aecb6473e2f7d3a457f0dd3a2240c3ed6014a279fa7e9c2a9528330ffe3026193765fe942bda83aab1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578d2c.TMP

Filesize
3KB

MD5
a2ee4bfb3dc2ecd1c1beffccccda7557

SHA1
b2e226d06d73c7802edbcfb463f4e4f9c579a817

SHA256
3823fa4674b1a737ada57838095ac1bc0aae6809947f1129bac45a87b6715a20

SHA512
404c12f3769bd561462b9d997cd7b56346992bd4df8a0a2b74632c66056c4ad42a1cbc44ba745b42cfcdd8e133e90c3c107afb4efd7c784678f9f41ce9c0abf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
23af53396f21427c29b75142fb0900b6

SHA1
23b609a8d46f6550466c21e6a10a5219a14e718c

SHA256
dd228d66aa4e72439b5d17aab08426a55d56ca01b80a6c5884c1abf4f44765ca

SHA512
800c42a90263227716c4df2fae9359b335e574367d05811ec5125d995f70f097a1f651415175bb68c8a6fcb0bad38cb00315bfa986f8fbc16950b1adf274319a

Download Submit