hxxp://ricmais[.]com[.]br

Analysis

max time kernel
102s
max time network
101s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ricmais.com.br

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1340	msedge.exe
1340	msedge.exe
2992	msedge.exe
2992	msedge.exe
3640	msedge.exe
3640	msedge.exe
3648	identity_helper.exe
3648	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3460	2992	msedge.exe	78
PID 2992 wrote to memory of 3460	2992	msedge.exe	78
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 2776	2992	msedge.exe	79
PID 2992 wrote to memory of 1340	2992	msedge.exe	80
PID 2992 wrote to memory of 1340	2992	msedge.exe	80
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81
PID 2992 wrote to memory of 4192	2992	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ricmais.com.br
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xdc,0x104,0x108,0xe8,0x10c,0x7ffb0cad3cb8,0x7ffb0cad3cc8,0x7ffb0cad3cd8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1716,10690753024257813135,2529322254580066651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0c59e7be-e90b-4feb-85a1-cd5bcbb94921.tmp

Filesize
2KB

MD5
6ea2184f8eb71dd9e273d66db36e8149

SHA1
a38c9b843090e1426774e03a9a0e3f743efb77e1

SHA256
1810c9986f1bfccc579e0d8e8756a30e5289816a91ae8065ef10b2c581bee33b

SHA512
7ce669c12db670394175fed5d2cdfcee5d8cbf407c1d3a2fe2ccead554b0d3103d9bf40c7a154ac29c4a9ac1ffb54d5576726321a1d66d016bc03aeba03320b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
62d2bb904c391ae47e783a1bf12cf4ab

SHA1
3b6f7af0084534254b0a66206e779bbd2843415a

SHA256
f97fa706028d62b0384aa658f12bb6c4696eccf0c3a0f18cd4893b5a083c8c56

SHA512
d640b3b19de6187ebd88b063b5998a6f342dcb71c66fb3204598cb1c3cdf4db7f5eefbfb642308b8d8789ae52b69bb9ccda19d5391729dcfcc5b05ecf38ea1ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
51KB

MD5
b45dd9281ab4b55e9235a873663d5c80

SHA1
f5a7c9d82cac997483331b08a5f8c6d8675dbd62

SHA256
fd503d88b5c2acde2efd3615093c35dc86ff970f3819f46f5da763c7a1db40f9

SHA512
41aa0814bdd50471c896cf201bcc502e5f98a27e124c5239fca894d00f91bf143842c41809036ec154945034176d0956eba0da0090a0cab50bccda421638ec00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
48KB

MD5
b20fc29e4475f7ae136371bb6c4f408d

SHA1
67866c0ed658b977d8fefd7fb1e1fe4ffe69c24d

SHA256
c1a50a097c816a75035b7bd7d5bd64f2e6efb69402bacecafbc539aa7f8cc2ed

SHA512
59f8913a99643344f0279b8756d60cd001324fdddfba5c94390d0ccf66d6a85da15eef5b455cac7e905b785e871467e5cf6005f2d755446ec2d9cf13434a1ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
27KB

MD5
31cd97d2d1405f0b9624d3e4c03da2e7

SHA1
db220ab943bf066ce2d0d102038c934ed687a33b

SHA256
3afa9a7139f89b87f09f87d622273be5bedc06c8d876a82e46f57a51d16ba699

SHA512
70975f96f6bda2398471766a77eab2479055aad1ec7f67e5c9156f8462f89bf1525db71146ea37903014e00d857d89611d868b438fa8a419988ee52dc617e55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
2ace30610d1c8631b95413998eea7616

SHA1
5141d698221eec64f98c3897bf410745d66d6f3a

SHA256
9ccdff206877f4db6c410674fdf30509cf6c908a1a83c43b9d5fe0b2636bc122

SHA512
8e8a541ea1e31cd1e74f006a2bcf07c6a60126028c117ebd8099e9f8304bbc678e38b1aa481ea58fa2ace06d571634bc6fc1841b0ab790bc59c824565837a573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
45KB

MD5
910e251070483dbe9bb8bf13e7bca66a

SHA1
280ada15c4a0f6845b96adcf343bff6fe703e80d

SHA256
ae330a640cedac8dd0363ba002bad2a0c775aa8921510f1010d36fac940f43eb

SHA512
40a0107d490bc316be7d187c510d4fe29a2290dc1b53accde2984b8287236871d671559ca47c3091b04ca4b61e1d718b59901d3500a90a9ab793a8bd44aba9f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
62KB

MD5
de3ccba44e690ebfb0be95877be8f4ba

SHA1
66c635b94bd5e3e6f02409bd21f7371005794432

SHA256
2b126f77c630dda2932d031ce446c3221252dc539663eb9b1cbf11b9c3da5581

SHA512
ede7e44e4f6db48764601e3a46bb29566ccc658f5f33df62151c39721f91b98c0b41f46f574cc2ff8ad1386b39b8cff98165e0d7582eda83da6a837b89ce0c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
152KB

MD5
b6bf7fa4a6b814c8ba1b31aa9402b5b2

SHA1
c04eeb43fa6a4fdf40865faa0cb33db9286a340a

SHA256
4ab32416288b3c95ec99e110cbd482ba97a8a8e2bdc354f53ad480e53a97fc9b

SHA512
623de5a6bf2b8bcfe71855af0e26e5d7f317617955be839ee737b9286ad189ca39e4071db16822adf3bf971fddc6cfe14d27b66f09fb13bf24cbcbf3c42bc0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
67KB

MD5
22c04a443316a8f19693fe1cf72a57c7

SHA1
79ebd5427d791f4b85759c520dbb17eafaa089d8

SHA256
4bed01f2abeab6a751a08ee43d8499ffef3aa8a42c4c41b082fc4047968f10f9

SHA512
1acaa0bd5c5e56569f634fdbb39214b3217423f5935dea8d1abc408efa5cdd730d1ed4e02cddebb4590753cb852ff2be46793223429777960e83d378907efd1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
91KB

MD5
12d4b2e503929b2c9a4e90ef65b8afb6

SHA1
9d6102ed773de37ebf23f7e50fda3b50e20356fd

SHA256
921f18f91de07f1973a18adabbb4186f16afecbea22fb5758aad6c9b25601558

SHA512
25ee6c93a7a13cc3210f14ab27a8faccf14ae6c22e3342f0f290195cc420b951b8324eedcee806e7d06f7dd10f178675e077cfcab1bf4d456c4801ad56379abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
77KB

MD5
116dac04948f5e402da82cac71e6d6fc

SHA1
7831a3b4bd52b1e89eae7269538a3bb9b2bb83bc

SHA256
1524ab6f628ede02cadbb556f6d731f162186180e63427e9659d92835c832e73

SHA512
67d5507178d904faa31dd84acad2804a4fff204860f0d74017be08c35fbc8c6d96cf414eb8bbd0568b2b3a4c65e50c77b22fded618c1e304ba644a8cc167b146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
137KB

MD5
2d568d2d9e76c7ffc6b8ed0a8c04226e

SHA1
215ddba368dabab37ca8011906346e106d8213d7

SHA256
5b6129923320b0b631a2f11e26c7d5db8da55618d335df19997a9d22300f38e4

SHA512
fbc175e5017ea9660c2175756ed8edf075615fab38667313007cd9b429e751cfa5630f8bb37eb36be22ab56c4a9e0525ad5f9edf78c95f48408d3f4a2506eae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
79KB

MD5
296fa1f396bc967b920cfa5e95f1e52a

SHA1
c2f8b6577a00e21c33f6be0de255ea5943ec8fb9

SHA256
68ac9859a1c28fff06e50ebf9d217fe2b913138096d3d768a273cef50e1e31ea

SHA512
68de44536aff39d3f224b071e1df2b908179595d364dc6ec9fba0f5feb441eab91399f63517908db1e330e9c7812289da3aa9db941efdb24a2943ff0c6486f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
32KB

MD5
740fbdf056a742bcb943793072c8a6f7

SHA1
ada0368ec69b35ae3049fde7cd1682ade58f8e69

SHA256
d2c97770683f10c34e6911a0c531bd53f1c63040ed1efde9187eb5740ceaad56

SHA512
9fec8a66c03bb2ebbceb6da2cbb0bc410b12cfbbcb5523c1eed81c748160bbeb32f8cf5863e6deb4ac90d74677f50193c460830e6deae39b47459f30b56f55d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
109KB

MD5
36f8bac634b36543cd2bb821c259bba4

SHA1
2032e0c432aa798494b2b73e6224df17ed38419c

SHA256
49948961d0d062b92c5653ac54ca9913e5f1010ae2b365372f4213aab2edc7c3

SHA512
7717adbcad997daa4451eb11f1740fed50a3b9a41f618980e593635aa352c8cb5b1897b56fcc9ed6cea5a197208ae72e567847ff44ff81846b6cdeaee2b5d4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
116KB

MD5
b5a388df1def6d77f4537f4e8aec5bae

SHA1
a3ed949d610fc7dc3ed379c7adc9dd700ba08988

SHA256
754358b8bd96913859f33305f0805f71c1ec26b9b0d86d8bf91d583e2f2690c8

SHA512
9adaa0cf3c574ea2d0704009ac0e88ba49a109eccddb8bf2895c96c8c99fba3b07dadc71801dc801d792f194d56b97234c711fe766d0ff07a8d4c4c760e5c14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
148KB

MD5
a7f7a478130eb90244ecdcda91166cc6

SHA1
21e6c59e93e4cce4239dc1dde40f5fb675e56d32

SHA256
03d72d2c922df6fccdbc669ac94fb38cbc8c427c8813cc9250816547a3f11969

SHA512
c5cc78dd9bbd9d7a63de922cf17b24930667ebde28c4d8c722b113131a79ca4dc739c98d07d9040cb3feee97ca43f5cb2421a407b94a4413a28291be36ab299c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
20KB

MD5
ba4cf771a32f4971194a7227f78db718

SHA1
f1dea0f727f1aff754e34e6a07b6b33fb77bdb4e

SHA256
39231a36cd3e43cda0d895341af52e1153e8603f4126f2a4709afac76d97d76c

SHA512
b30e3b5e29167f89c5ea35ce7a7bbbb9957dbe5599832dc373c2712536757354c3d7ed63294e8cc9b00d551267cbe1fce294c73074a01c94dd0e366672fa826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
44KB

MD5
e05985388d9c2731e8ab4f9abfffb9ec

SHA1
c46e17f722a7933fed1f042eddb811ab15789e74

SHA256
4f89e8f5f0fff962aa6d0dc8e06f22fb8c13293dde4d3a92c81f2579d441e758

SHA512
e18d79241149aadb7d12ee4530c3d4d2eb922a09251e894b28b4605e1eac6432b670c6ef6e024dfa5f5b0cbf1d67657dbf99acaa42581e07316060dae8365561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
57KB

MD5
25d85d71afa5b5a7559bece67003f091

SHA1
c5378d0dfc1dc408548549b3d982eab3e04d2e2e

SHA256
8732aa23dccc8f3e656b64b6370077bb319fd0aeb6881032e4fa910824592c3a

SHA512
7fce1b96cdc64ecd7a422f8d19d1256f4e3d2c42e8d9f809cf90b134cf8feac0501a15775c876a6cf60e21a5a2b902e1a988c8fd443c5c642eef3b52589d0055

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4068126aa0a8710e_0

Filesize
275B

MD5
4eb1392e42dd388ff186de9798f6e87c

SHA1
92b92b8306dbb8f5525cd6a5a51f17a319cf2b05

SHA256
eefb25a4f3883df67bde8b99efcc00c3af6cd573874352ad32092cbab405f501

SHA512
b1373a450963b7a04259efd6dac02ae28887d0a4332167e5e6640a94c95d9138bf9b1f6d947a903c28ec961173a07bab27b2ec4d84570440bfd0f87ee4ff5af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\656bbdc0614b56bf_0

Filesize
55KB

MD5
766b3b894e9c0aa5d2329856cccab31d

SHA1
092c886a0de7e1468b5e4d01dbf500498330f4a3

SHA256
b5026ac5d9c029a3b092c14b19a7bf17d600dd6cc822a4f9190e0000434ce4b5

SHA512
9c0648aae0db0c9b1d0dd2d6acfc381e135f7f64e7f6f5c48f051a2b10119ca72a1e61b96674f91b031ca0e58dd3298411a76e01f8c369e836d2d7b26e647a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6c100f28098c7733_0

Filesize
265B

MD5
e3d1c0b9e70ae76a0d2fc22a9bd3f7f1

SHA1
963be7bbc8b245096cfe0562af9d085eec9bcfbd

SHA256
906431ad3792c57a9362beb9505adea6930fd209eb5f8ea2ea9da516db6dc7f8

SHA512
4fa2b8228193f570ec33adb1e36781fbd18b8f6da751eba41e92ab88057f6abf3cd68b9b93bcb9a0d4e063624894ac59afda6d38ea1db8c0fd51530c907c5a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cb1233fabb43cc4_0

Filesize
23KB

MD5
c594ac31368e9d9dfc60565ea722ece2

SHA1
a08ae5f96ceb9851cac4d8e34490f00bb8695250

SHA256
b3ade287a759f04074233627d29fecf008dd9218a5164fb3d69208b9417ddb7c

SHA512
967027a333da540982c7b31b1f655a78f1c3e8eed93f6999ce078822204fc9abf13c5cb16cb22136547c98e7bbe1f24853b0d3c10c31693c539b076af3f82a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e24768ae6e1dcb1_0

Filesize
344KB

MD5
8314a4e52a90429291c02dcd6b7b072e

SHA1
17f014d6d9821583ff1d5181e02d8eed945748f7

SHA256
caa485fd0dac40ad5222e0c2baf7427ad11ed9523bf89bc1cd7e07fbe7d6eda9

SHA512
31368e97b6b23ba82a20b1d1396e57ea5ada432f4108122431416270fb5c6960f52ed8a46da6daf8e1083e09c692a501ac1d79c2470b4edbf630f9a4072e5419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfc9de9a47b37ac5_0

Filesize
160KB

MD5
98d16a370d2f7453e6e7a9f67509e522

SHA1
b3c596551f532c78ac24c0ee1fd77800b4b2dd16

SHA256
0e8ee77b8a40226ba73995a703f385732283a5bdb1472d6f3eb87862fd74e2b4

SHA512
66d3cb74902730af919efc11fa06fa290d8ff8b76d1594e9f32813a791733d04e349f4e9c846b0396f498cc3182601fd3badebb64e2284c95fc3caafe6d2d7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\faa4822240500331_0

Filesize
14KB

MD5
65825be5475d159a6f3f802987760a00

SHA1
1239a4986cb0db8f327ce735ac3bd99b59c361d3

SHA256
4183819f76f427c241de1d3c49717edf7ff33f4b13e68c5a175db9699939f8c7

SHA512
daf4506a694b2b1de52234756a27f301565722c9c4442e56f49e51a1d65e938834aa5f82eda3aefccf43c8eff73597262a55fbfb558a90673d399061f9c5ae73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a36bae556d5db46f914bbd8ff0a40628

SHA1
fc9136552dca558c58a48f065b5bda2ea655a958

SHA256
00c9144ce2d4848d339077eb44df299e6bbf185202330034c0cc8fb6f87e1d95

SHA512
87dcf715e0aa6602eed2c8f89fe00ff83e634cfebedf09d2becb6056046f45c2a4d00d8da496961d2d97ca4e15f9314fddd01bd63dc4f38998f9aa86efc8a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ced6c6695545d97eb92e9cd8d357dec4

SHA1
42ccd9a2a1796275d4800ab3cc6f240cf8688f01

SHA256
a7598596c0d301fa0a4c7160d8765766cab120b5a7b0d47fe97a59b4d4c3abb6

SHA512
eaac7afa826b595d185881eba6460e1ad0a3d2c1999e913a17433120319f20e72bb87828e2c315d8389219d5dbf8e166d2313d734fc829e10aac6102effa0f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b72c8187d1a4ddba7f82049b2e80c590

SHA1
562a60a54c9a2f618ce177f3dad3a0207c5af53d

SHA256
c27325054346c2eef15e32127cb082e6ae5214ed58fc41e8e12ceccfa8c27ce7

SHA512
db5007becac238e22a1945af6e27a0ed0cb56cbb1aca76d7aa8f8c2a5381aa5e1e7b6e95c2741d35855e2c16ac86850341e1ee28459a3fbfe9d96a5975089d5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
264f932c7af643bb1307ecf9edd3b420

SHA1
20ddf6831429de27fcefd3ea997c0e2d6b1a92ac

SHA256
c15c08364dc518c7eb3c21880b29562e9d4eeda7bed2e8d53ec93a5a9d18f91e

SHA512
7c69a40d51f63c2ade07a47a9510eebe3acc77f7f84ba0c94cc3a6a345d9fabbe591f09aa55233caeafd4e40cbe84a69496ec9ef0790c10f4403f16ca2b9bd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a34cf5af50d0e12d9f0c7b376ccd6730

SHA1
67cefc1a12fa0d58a171f48c9e94dfdba98af087

SHA256
315b1dbbef561a62f3abc1174f9258a881d56eb56a1e1139533d5d20f45ff166

SHA512
c9d5a167201769a128fdf666b561d7ee992a08c1e0b1b56fec0ac6122140feb1226b8a03a53b2948f2bcad2362a40489d5797d8fcdd4999e5ce13a49996032a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
aa7495208146639abfa0bd4e65df4c24

SHA1
42f1277cee9c060624e12cff5a8a365734cd3356

SHA256
4eec24ca71d566f823ab9d71e7e80e4782a41d9d35fe4624279d3e351094ba71

SHA512
682153687a4a969ff71cb28fa3c4cfc1258ec31c99325e4c84f497a10f2fb54dbe0e709dcf6e80b7def288884e92cc73167b646b7ab41eab9e3fe005c12c1f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7c4034252508d19ae0ad5872f2613a3f

SHA1
018595b5287617f4106baad56b348d7dcfbdc057

SHA256
1ae97556871a708632f038e8904c3430659d9e45f109f2130db2f1491a48eccd

SHA512
ab7a3945d872dd1a7bd3fb532c998f229a3f18e8ae2e9e62ac0f7989a7532976d887c36b5156af90e79a745adf703220b6f76509ed00c713c42717adce2140d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
278441f70c12af10303651d7f12e74b6

SHA1
e030608c8181627d7987bcdf655c919f2b5df31d

SHA256
b5f4dc3481fda8c1b223e887824182b7efeb13d9f8ba5de25dc78352b605acaa

SHA512
c7373a31121bafc926b7cecd2004d3890b69d6b958a7d115c5be284db25ff058cacc00f81c637389a07e85ab989ed85d9fe65b9b4f6f057b7ab9921524fbbb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5822e5978b6b8652afe8a8af17837bd9

SHA1
960af1160ba4a8051c22d6e0e22728745f3e288a

SHA256
b3abbf43cecc8108ad4e78949027dd175a35047ac50d1849e42e95ef48ab35e6

SHA512
de306dcd58ee12d1ad764e63a4b9e83ecbf34132d23f3fb2b978413a8675e802557a03b8aa1fdf93dbe5809577b9a5144b8260e2882136cfefdcce6265e9abfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
760602952ce8f248d6cf193f3aa1213c

SHA1
594a6ecc711c39f3eeea0551b237785d6952691b

SHA256
76995886dc5a8afdc15ea459b7018e2d123d0f349c2ca7cecf0b0bb033443fb9

SHA512
4c1ba58dd07b9bc765735bb79a43017311a7f2852649b480118fec50d28b25453545f2f08551b9b050ea1e37591b3c8dead92eed9fe859211f23edf724576d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58171d.TMP

Filesize
2KB

MD5
8881c2dbe5ee9f5ead4debf9091a570b

SHA1
cbece7e10087650a3b1892b83008a40edb854122

SHA256
954722bf29acc3ed4d403ea70f307dc5b68825ba13989fd849dcaaa65528cd9a

SHA512
b2a15c8002aa7547050422472cf43e7dcbc3b2c69739c82dd010930d23e1b4a0f484224fcff23a3202ef818b39e43cbef87d4902446c30349f4369b67f8e653c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34f1028ba2617dbd3216fa6074c514a0

SHA1
0d90c732bdbd1e559e94b38ff50cfe70cf85d5bc

SHA256
397917b933f411eb395669e63ffc79b3ba8ff3f9ac2806d3f2cb21aee77af8c0

SHA512
d343e029f4ec13ce289c546dfd0632ba4a3fbaf059972b17a353e9ac7d58e6ca867ab3b0d618a038daf74ce61062477ace01859faa1388d4fec579f2478bfe47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e2a3d26bc9ceb3e0136e8a0fd4616a96

SHA1
298d202acd2da3be31e79d0f7d3397d8b14fe96a

SHA256
7bc43825732160fb50081682686db4f60b9a4dc4604c85acbfa2db54f7459faf

SHA512
1bc0cf4d2f6b3de72b3ad0333567c43a6814ec5904b6101e0d02f1e4bf39b08cd164e1469e4dac1a8e828f13760e5252659268faaf057bb517bdd2b91df238b3

Download Submit