hxxps://www[.]google[.]com/search?q=Ratatouille+game+download&client=opera-gx&hs=mkv&sca_esv=a930a3196aed2650&sxsrf=ACQVn08v49KggsDtOxzipXHBqpNd_7OnCg%3A1708619575387&ei=N3fXZaefF6zixc8PleGt-AY&udm=&oq=ratatouille+game&gs_lp=Egxnd3Mtd2l6LXNlcnAiEHJhdGF0b3VpbGxlIGdhbWUqAggDMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMg0QABiABBiKBRhDGLADMg4QABjkAhjWBBiwA9gBATIOEAAY5AIY1gQYsAPYAQEyDhAAGOQCGNYEGLAD2AEBMhMQLhiABBiKBRhDGMgDGLAD2AECMhkQLhiABBiKBRhDGMcBGNEDGMgDGLAD2AECMhMQLhiABBiKBRhDGMgDGLAD2AECMhMQLhhDGIAEGIoFGMgDGLAD2AECSN8PUABYAHABeAGQAQCYAQCgAQCqAQC4AQHIAQCIBgGQBhC6BgYIARABGAm6BgYIAhABGAg&sclient=gws-wiz-serp

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=Ratatouille+game+download&client=opera-gx&hs=mkv&sca_esv=a930a3196aed2650&sxsrf=ACQVn08v49KggsDtOxzipXHBqpNd_7OnCg%3A1708619575387&ei=N3fXZaefF6zixc8PleGt-AY&udm=&oq=ratatouille+game&gs_lp=Egxnd3Mtd2l6LXNlcnAiEHJhdGF0b3VpbGxlIGdhbWUqAggDMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMg0QABiABBiKBRhDGLADMg4QABjkAhjWBBiwA9gBATIOEAAY5AIY1gQYsAPYAQEyDhAAGOQCGNYEGLAD2AEBMhMQLhiABBiKBRhDGMgDGLAD2AECMhkQLhiABBiKBRhDGMcBGNEDGMgDGLAD2AECMhMQLhiABBiKBRhDGMgDGLAD2AECMhMQLhhDGIAEGIoFGMgDGLAD2AECSN8PUABYAHABeAGQAQCYAQCgAQCqAQC4AQHIAQCIBgGQBhC6BgYIARABGAm6BgYIAhABGAg&sclient=gws-wiz-serp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4720	msedge.exe
4720	msedge.exe
4692	msedge.exe
4692	msedge.exe
4612	identity_helper.exe
4612	identity_helper.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2092	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 2972	4692	msedge.exe	25
PID 4692 wrote to memory of 2972	4692	msedge.exe	25
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 1692	4692	msedge.exe	87
PID 4692 wrote to memory of 4720	4692	msedge.exe	88
PID 4692 wrote to memory of 4720	4692	msedge.exe	88
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89
PID 4692 wrote to memory of 2052	4692	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=Ratatouille+game+download&client=opera-gx&hs=mkv&sca_esv=a930a3196aed2650&sxsrf=ACQVn08v49KggsDtOxzipXHBqpNd_7OnCg%3A1708619575387&ei=N3fXZaefF6zixc8PleGt-AY&udm=&oq=ratatouille+game&gs_lp=Egxnd3Mtd2l6LXNlcnAiEHJhdGF0b3VpbGxlIGdhbWUqAggDMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMgoQABhHGNYEGLADMg0QABiABBiKBRhDGLADMg4QABjkAhjWBBiwA9gBATIOEAAY5AIY1gQYsAPYAQEyDhAAGOQCGNYEGLAD2AEBMhMQLhiABBiKBRhDGMgDGLAD2AECMhkQLhiABBiKBRhDGMcBGNEDGMgDGLAD2AECMhMQLhiABBiKBRhDGMgDGLAD2AECMhMQLhhDGIAEGIoFGMgDGLAD2AECSN8PUABYAHABeAGQAQCYAQCgAQCqAQC4AQHIAQCIBgGQBhC6BgYIARABGAm6BgYIAhABGAg&sclient=gws-wiz-serp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa398b46f8,0x7ffa398b4708,0x7ffa398b4718
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6904 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15985940188488768338,2512588980349869016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1af9fbc1d4655baf2df9e8948103d616

SHA1
c58d5c208d0d5aab5b6979b64102b0086799b0bf

SHA256
e83daa7b2af963dbb884d82919710164e2337f0f9f5e5c56ee4b7129d160c135

SHA512
714d0ff527a8a24ec5d32a0a2b74e402ee933ea86e42d3e2fb5615c8345e6c09aa1c2ddf2dea53d71c5a666483a3b494b894326fea0cc1d8a06d3b32ec9397d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa6f46176fbc19ccf3e361dc1135ece0

SHA1
cb1f8c693b88331e9513b77efe47be9e43c43b12

SHA256
2f5ba493c7c4192e9310cea3a96cfec4fd14c6285af6e3659627ab177e560819

SHA512
5d26fdffebeb1eb5adde9f7da19fe7069e364d3f68670013cb0cc3e2b40bf1fbcb9bdebbfe999747caf141c88ccd53bd4acf2074283e4bde46b8c28fbae296f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ddb9628-5efd-4965-b197-b56642dfd8c9.tmp

Filesize
3KB

MD5
ef29401aa5ee518009d0c47ed7b71de9

SHA1
da0d3c089cbaa1973a5f4a6d031f8867813ad98e

SHA256
7e4cafae59419a5e738792dd8c9a50978e660a4391bba6d70c343d8ce6dc4e52

SHA512
2bcd30f91772b184ea923fdd84dc9b8b14e29cc3c2bf21ba1064bb4c4cf07081cf96aaadb52984717bf0b2ca2ab0c89179741eddea6c9b1ff04d0c6f81329cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
18KB

MD5
3c5338c135c96f5d37219142cdc969d5

SHA1
b478103e2cb44ee761ef541786eea62aedf0c93b

SHA256
f66563ffbcfd125dd136e08327e8544936441b90161e24c5d6c355862bd93414

SHA512
bbd0815c1a0e5d27fe8a789a0be0d9b06f746f1c04da11e953456f32ea1736ebb40c3a9e9b88409a2c4cc15078cab2586a178504db3c99a7aad6fac5f5fe80d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
41KB

MD5
0d8a6faeec386b2c8179669c8186cc23

SHA1
862eb6cfdbcc2878e924ab473edbce15d3fafa40

SHA256
26eeac031432748c2845b120cc68143467e8f8b9044ba88fdd8f8f5d7cac163e

SHA512
a32c62082b113336aed1ce7408b2cff3a50c0077cc3528376a09178783f7854e25f6b9a05080e04a4710a7af65056560d09106a95919a142041fa748a607640b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
52KB

MD5
aff2cd676391fe6d6f32741484a43646

SHA1
72dd611b519a59c6443c7659020f074e01f340a3

SHA256
79f37529b875ae880bcd9a40681a2014fc4ea22ce452b23425849d78e43e4023

SHA512
c3237275f191c36fb590f76218e7f9fabc718821f6b72d65ed27af14f1490ff01d5fcabe91c1c4ab0f6fab903c67fe8ecada2fad082aaa1569ca650ca1b5e39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
89KB

MD5
83768c17d35fe3d78771d688f766ea26

SHA1
2f1d510e5416f48792d147151374f2513c913420

SHA256
fe070ec85d627beca4237a2a2e4a3d8a210710d812c0676a3680c9016e9cf12b

SHA512
d90d386db57365a95c79e6b944214dd7ad0e77219711b217f902fe20dd74235179358fdaa26160f1e0c05b3dabc239f8a2fe587bef9d5f5ce8d96f3044ace613

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
28KB

MD5
9f3b8e910c47351feed192cf9999cc7b

SHA1
be12c4ee7fbaf896773c9201c7265ab57800d60f

SHA256
9800132a5291706e4d8e78cdf9641f3ec5c14d38ab30ef8dd9c288a3156a061d

SHA512
796abe61fab0009e182217fde47f2aab16b2f40ad549b56c23d44a851023d54471c01b6363c74b436a76ccfd95ee75fb7e9b4c71d9262071bebb117b5ed898c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
36KB

MD5
4bfb56b27ab74a0e7ab6cff023fc53df

SHA1
6eb3e453999445dabc4fb1aea7b45aa9e819dc5e

SHA256
7a49c7ccbfeb98cfc4b946fd70df1eb98a2c93cb7e44898e54e90dd6e5295427

SHA512
9861c6869b10b4fdc62c673b35b0117e3f1d9c88aaa74b06b8d43523c35e96085365773b733dd52cd4b280ed9609467929ffb3f9d36e33d447f6d7bfe733051d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
23KB

MD5
5df1e88550b2f3f0ab887e2f42f05bec

SHA1
52a994b844b15f0e76952c9f11e4de723f677911

SHA256
f4b50007d93ed6ed84eea638831d761e39237c5fc07c5a1e46ed85a99dce689f

SHA512
b01186564c65c8b044fdf218fcb91aa4dd5b902189eee450385de1bd7ae87a854c442379668b408a7e54ed2c6e5e06ea50e80f40866ab9b91e2a6e83569dce40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
95KB

MD5
bec8c9ba81c5206f6ec251cec44d95ca

SHA1
c6eb2f57b9847f5e0e76ff028ddcd7ddd7ff2755

SHA256
0d0cdcf392f1e1d26a1bfb3c5eac7e2c71cd27297d3e3af6f904f22c2f4a45b0

SHA512
2a728278f2fadef1fb37b945c3d6be2e5c42713cda3cbe456ed1dda129012b98a746a77b4aaca5adf3a635d061ce6e5edb9669a9d4e22f081da84a8ff235f628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
93f49bdde78f35b6a50e6dbcf49d1cbd

SHA1
f6e379c0a5ab27f14b8f4fd2b314cc378983aabe

SHA256
c2fc858cd879f1b8c8bb1ed64e0fdabbbbee3517151ada30155c9016c5b9c2d7

SHA512
649e3f0d7b9f5000aa3f738bfeb89084499168ef707dbfe35188eade6edffa0e503256583fb24ade762314037022995858b50b1914d2d88ad8b18d3de367a688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a559077e39ee5e621e39068169716202

SHA1
0e44492904dbe76ea1962eb16bbb0d1f33ba5d54

SHA256
39e572fd8c35f911aba3e2e9bf9cde6813e235abbfe9ce9ae786fb2e41b5d498

SHA512
da2e945390b24ea9a13452a0351823fd7a5f02017f54b4dc8b92224a240b3086d071fddb413818aea8810b78c3594197fa09ad154e6eefd641cdd592c63f0c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
1.9MB

MD5
6adb1c145f0072bc2577b69061162e18

SHA1
736eaf3053baadc01300f4439c3588ac5e57468a

SHA256
e9a82ac197ecb9f37090a8dccd8a463160f8973b2c1a45022d9da1b6822f9b1a

SHA512
cbe370d720ea733cfe9db3e71b907c69400195a116c8036bb58d734deb216dd26741b4f2df67a8fed66631cbfc7aecc03e7af658e1f37df3dcfe709c373ed78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
b0ef594f4078836fedc1e636afebc945

SHA1
d1abaacb5e860bdd0ddf93f1de0073f953109b91

SHA256
37914a6fad0d8ecd2d006c9ddfaad1a4b9c85058c3b23b8d022818c7a2889c22

SHA512
092b41cc4ffc8a7cc9da599eecadb1ed16e5e174b40f86b59b85987b301db48c87e80950dcf0ed2af93a9270f7571761c6a49362a41b97ba9aa6eefe6cf3cbd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe594d6a.TMP

Filesize
335B

MD5
91fe765296cf89b4ea74f558c09d1469

SHA1
e7f37a0b45973ef29ebe2b0b3d4bfb233376d35e

SHA256
b925d587996e4548fe73b0f19e85821e434b883bb20c16fd59bd092047a8e92f

SHA512
113c473fea6ce4600e3cb22cdb4cd315824f0a695173c3cb927a41fd39beffbf1332e36bd00a321f83396bb8c4072b52891330afba0aed188bd2b054efac7385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
389a88ad99030c8c1f251259b2179f42

SHA1
a99622b30c4b4d84e7b8acad4682810c7ab01c62

SHA256
a2a422e3d30150384efbb10c8a3a683037a4a064ef06155fb09474d1c3a7e3e5

SHA512
310d525a1ac67c39a07ff291db4df71064b8fe4481ab42637bc79470df69ec820a61abd387496ad7d4cc489242ffb3ca8ae427483fd6185af81aa61f6734a44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
9fcee1618103eb5ccf9c30e3b0cf53a8

SHA1
aaea533036d15bd7b59ba00ed1564ac8cf63322a

SHA256
9b3072254d13351f10b909efdd6950cf6c3f9c16452cc2caf942d9a668cd4036

SHA512
646778ea4317c6ec222763794f4fd7052f0436387c38ba0bc82742981ead151a035647d16cbbad2f6672064d5c67bf4b662865eaca2cb95e8e63894d4c332c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45233a749a2058678e6687b681f4529a

SHA1
adf1ca0c57a75d759d6b725b16b4fa7b5c187963

SHA256
7b091d9bf39097efd2f9d7cf741633c9b51843e115773147fedbcf006844d83e

SHA512
b48229a2dbd379fbb54ff01bf085cb94d11149f6933a22dc7b6571c46691cfa923e7f7e0dd152781cc46b65c18d8e460c4ad2b3a7a4fcdf6ad7076a4a5f15237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be17effb74f6fa9be280a18289cc7e52

SHA1
a18704d8c12457dc4c023d2e3f16d8a03791f66a

SHA256
2582a2a08cb423ac2db2d5e797bbc04bc26e38ed9bf5215512271abcbb6b4ec4

SHA512
63cb0648cf1dbec5e7079373954165bb348076d9769df0c0161b24ec98067a6b52b13539b12c992a5d8b5da06d10631a83db09661005bdd1ab8511e0b81b91d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5dba00295da538fd62313d28eb53907f

SHA1
f8a9c4992100f7b493219a3755fa6e80728da5c6

SHA256
4dcbb7d53fd7e210c763fac0a155857c50fd84f00fcf9051a76565eea765a7f0

SHA512
ad86fb835ca9802ce631f94fbbe96c3a18f938c9ae05abb3c618a2bf96cf5f107c9be072f55a39e3e685fae7c86d627ad8ee38d8676f714c111392ae91de9344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
55c440ec21b4ff06817ddb31c98187dc

SHA1
edc2f783f22c48bc0de7d2cb59c628cccd7269b0

SHA256
6299b4b98fe860509b03c048d206b14a38d7df41d1ccb6c9efe028b5d6b4b89b

SHA512
4d39d0b6e1c9e822bc0452f1602d5b7cf3d57c6d15327e734a94d5663c110426cafdbd77477522633ba82a03f9974d91c6c66eefc38dc9893b447caed98a5e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
158385405f2c60cc27b9db69fea207f0

SHA1
e31aaa9af3877f6a3a994c98fe31cfdaad122b1d

SHA256
71d7e1c25936626137ce146839917b74f86f91c780ffec1fae7f62fca8ee7447

SHA512
cad891064b00da4b5ebe0c58a45334b541e7b1aeb27bc7192ece9b461f261bc0a8cb4787f6505a2eb2319e6b53aaab2fffde4d872a15f7ad8175418cdc8ba341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f08055d3b37451fe11803d41e6128ad2

SHA1
1ad012a60d778dc7e20226bca8f1594871ba6ad4

SHA256
020a26c8b82b2d63e97ca3874847fa374d03e2f642aa6f49d7a7c18d6c67c096

SHA512
e8073c9cd2f3ffa760cf7e976d85acf155271dd8f07c6991f295e9248c52b9b31b4304a6b049a3fc2dc38e4e7506a1c288c267952bc3bf050f430fa50ebae07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59406a.TMP

Filesize
48B

MD5
4feba5898f749065213d462329f475ee

SHA1
15379eb6aec3ee42586bb5150215f579d342e027

SHA256
ffd842228a0879b73e4971a29909ab16845429e12b702bd6f881c77bf330585d

SHA512
b60aac483b8fa1167b8b954bec0e28f2f4cef53ebfd9aceab4221c21fb674810ce57a6ca3d4f09159a28b89abb035793d17c599bcbdd4141973b5fa84634b69e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
29b045dd49cbb608f55747453b7e67f3

SHA1
63254b5c8695d6a135f6a6617fdccbee347d22f0

SHA256
42f37452f1e3b14b8667d32ddb231da1feea898de2c8c256fba32168deb476d2

SHA512
28043b6f4b27a3d87b9b1863c279bd1791aa03f9dfac418d9b1cde583ed37ffd0ca90cdff83dc614468f60d90aadea353c71bb7e2cc88fd7e0660cf83485f153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
edcb43002052a3b3959440c646a8cac5

SHA1
852e7a668827cb635011295084a39ab86ccde045

SHA256
900698b1905f8b8e1cbb9783b30e2f66a67fc76f9f7d6a48752ac0c8690f3192

SHA512
c61e84f323e61e71310302319d299208e2f16f7c46f6db573bd04858f1bbdf55208e7d66c9334ca4d258c91ef6c73d87575c6497f3987e21299f2773bd16c9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ac77.TMP

Filesize
204B

MD5
0a8046b244b79f424d00b99d6d831fa8

SHA1
9ef1102add9875276cf68c6f3d5e5c476763e8b7

SHA256
2ca35b45020d6f190f1b94fdf09e1c13f8125715fabd0fd7e9a0799b1197f29b

SHA512
da4a6af29defec390cdbf138d5e67a0169e487f19f84dda13d1aa75218ccce7c689da56e41329793a01ac82929f908ba8af5250fc01e40fad12af98ca352c411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e075f96e57fd46e3485d0f9ba4c6e1b

SHA1
9f8000ec23251e6d1591346427586d15988b1e9b

SHA256
69a9b9be276cada485f016f0a7a0c77060a92b15ebb50f3c3e2a440021f6e08e

SHA512
3bf0fa41898ac3bc134e96cdff14155b9e83a9e5c5e86d91f95adc88ee61224e6c93af9cce6f1bf95a9d5d97e54402579056e2fbe8049c93a0f2041a4d6a2f59

Download Submit