bdb22f09d49667e590d7a5d513abbf0200877f2eac83e33718fd6d3c61171b6b

Analysis

max time kernel
1328s
max time network
1332s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23/01/2025, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

53KB
MD5

2e38d4715b6d15efef899dde9896dd60
SHA1

7afb7e687ffbd89bcce6896649021f9452c77a79
SHA256

bdb22f09d49667e590d7a5d513abbf0200877f2eac83e33718fd6d3c61171b6b
SHA512

0df874f94f25f2187c9fa087b503d09df856f460c921a57943b421221582499d78aa4a83ca29d0a0acbccd570ac876941abdf07827ca452e14ed4dda386302b2
SSDEEP

1536:269UFuCyuZ+/oKHQWpSjSqkcAEN2gRI6ZsnVJr3S5Yavo6V/lh9T674Qscl1+CSr:x9UFuYc/oKHQWpSjSqkcAEN2gRI6Zsnu

Score

8^/10

steam discovery execution phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	59	https://gta5grand.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=906afaf41b82ccc1	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 947466.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3436	msedge.exe
3436	msedge.exe
3928	msedge.exe
3928	msedge.exe
3428	msedge.exe
3428	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe
224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe
3928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3928 wrote to memory of 1876	3928	msedge.exe	80
PID 3928 wrote to memory of 1876	3928	msedge.exe	80
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 2884	3928	msedge.exe	81
PID 3928 wrote to memory of 3436	3928	msedge.exe	82
PID 3928 wrote to memory of 3436	3928	msedge.exe	82
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83
PID 3928 wrote to memory of 2404	3928	msedge.exe	83

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb10dc3cb8,0x7ffb10dc3cc8,0x7ffb10dc3cd8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,1510294695027365104,15556066918837115377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
8ce06435dd74849daee31c8ab278ce07

SHA1
a8e754c3a39e0f1056044cbdb743a144bdf25564

SHA256
303074dab603456b6ed26e7e6e667d52c89ab16e6db5e6a9339205ce1f6c1709

SHA512
49e99bffcdf02cfe8cef0e8ef4b121c75d365ab0bbc67c3a3af4cf199cc46e27ab2a9fdf32590697b15b0a58ee2b7a433fe962455cf91f9a404e891e73a26f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
19KB

MD5
99af5da82ee74e7d9502225446604614

SHA1
7deff05853fbf1528875f9c358b8a6a31d6dee5e

SHA256
031fe7ea42e0a823949190f13ab143f1d9d26fb0b22d863b582593a37cbcda9d

SHA512
7d2cec0882df88edbb4789fc14c7721f6dca5681c85919ee1f033d5cb2324f9c1305707bbc4c534e0019a2b163291edf4bd65c374e843d75174589e7148aab07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
24KB

MD5
24c1ac9e5814fdba1876bd70e65b55d1

SHA1
440f8a4de77e05a029ae06d4f500c72308285d6e

SHA256
7cf9b84f3812c9377c20ff7b0826eda7092f11f33dd4af560413a6773f3fca43

SHA512
bc848fd4ccce7a1705b2b14b2ba1a1503a6a306096ac8460480bc653a2d9d4744fe21a0a39db573d7363b3c1252c6db1b594f029c04beeee9ccb5714c80af7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
40KB

MD5
a470afc683c0884e0eecbf5dc4145f75

SHA1
fca0247e27d464bfef50a7bc751c06a41e65cbd4

SHA256
510940a8bea63e45e47699ea55eac22bf4af4e8cba3b6f20a4948d21d8934553

SHA512
d8ab0bd333c9f809ebb384d53d82c7451a03178cf443c15b903f110b7bd8631dea11cfc0b479028f11105b7de623ec48793d8925c3ce268244c644c71b5072b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
17KB

MD5
78009b0bcd5f695070babef7964ce279

SHA1
817fb69778754c2d5976909a48525ea46136992a

SHA256
a179f5a994b7974aec4a54c2af8d07d1d0d9d2cfc66c81246e1299a5a0b1ad19

SHA512
922be73fde8d54afead642c60b480f7c2d54fda6c840cb6976b02f10d12d67df749b5af21b7e441342c2007a17287b1ed55a9dc894638ff8fe21454be171b42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
218KB

MD5
e93e966d21aba85448fbad862ebbcbe3

SHA1
0bd6beb5ba0bee448204e60d3c40450b1bfa2f0e

SHA256
9cf8953f31921ac3c2c115ba667b1f2c6c7fd9996dfc01a988b4f708435b4678

SHA512
0c33f82e4e442d02505388f2824a4bba9fd509ab259104eb98ca7f482c2e92b88a15939826b3cbf833cb9c43d76cdbd4dcbf6dcced03499aa26f6f37855d45ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
205KB

MD5
c9c9e7a0321c20a8faea53cb744f62a5

SHA1
a4f7964d6df916c63bc019879e15dfd8a010c9e8

SHA256
9dc45a4308a94cc765a3fe2409e6998871eadf786e01bd0fdcbc5e354ced331d

SHA512
12bfb41ca0dffe67448d2ca50e44432d60f150b588e168efcebe37ce4f030da3161936d443735587b9833eaf506d6448bce92985c16456caa6b2b94b48b7896e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
66KB

MD5
100655c23b1e2cbdadf8919bf6f14f50

SHA1
1b535aa013148bcf8dbae70f31064ed03380f97b

SHA256
9de4c1063286a2bcfe2c2b232e45bd8947e70d941f4685a50fd9d99cc6b74fe9

SHA512
9904ae2ea00d092f4d2cad4969d26e08b1840373e6869b358f11686d109b09eebe25fbb6a45671a918e1be53130a4ca20cb5e217348a855811cc4fdc32808f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
22KB

MD5
9d53309ac2415ed6efe77b43a5a2b2b6

SHA1
31d26e32f551242c037116da7fe1f039bd1c4b41

SHA256
31e667f7d809056c4199b4204f46dbc6cd118a97530308229bbb9d450c42f89f

SHA512
25510c4cd3ac3388a1c91b5011e12a34c409f272d8f7fbec1a89cbff45f2553f7061c1f63d1a2c06f8773b885bcabd9c96501434b8905778132fffef80989476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a597ecd5bce93dd6f0a925b34a629b6

SHA1
ba5263df97e48a7e61d4f9beb7d2bd9b25febed3

SHA256
c0dc20f9adc26cb2371e1696740b5a6075b991ca777f39264b6b25bf046de095

SHA512
acfb30c10d22ff2430bf9c2397a59ba00a1a59e59564d9a4023dfa95be486669c589746e9c7f59d807ca7c6c492ddc823a1b8539d440c0b2a6d3e2d95bf79e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
28bb7a5e237b67517f0cf1255f67d649

SHA1
d5d05facb5cf70b70b074312786ecd4f2df8a662

SHA256
287fe949f60e0f8df31b3214f3f26950e119f0efa4da3fe9ca11468cd182ab5b

SHA512
9fd2b693349252f9871a4235ef0f6707222f075602d9beddf6f417de1bb340474c03704e2394205c4e2f728ba955564d4888c4c0776f5603af957708950486b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4cfc351425f084d0dab4d047a596ff98

SHA1
abc9d53d426176512af9ebf81f6a814419d486c1

SHA256
b4d31298fec73c24abe5f14638010f84fb6d14cb7f58f2061f549d7cf929ce79

SHA512
f1a2ce06cdf995d68fda47996b80283afca311730405482b875e25e54324a849de699eb4240927b4720be5e583a09d26e8d1d0684dc7d6ed3160cfb180cce85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
49689312c643f991be58f29ffa0cd850

SHA1
dd72184bd44338758798d97208f86e7cce748aa2

SHA256
98789680e01fd953427474032b16680f238778f739cc65c803209b807cd1e462

SHA512
7f404cdb6922d297344932407d8ba305e9c5b32cf3ba7b5376fb3b4e211041ccdee94b15de4da79c7f74e8f52e1f0d49a918e33728b683c1630ae0c8da9c168a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
82b5dd0bff276be785aa0357cf7ed3d2

SHA1
af7cb772dff4f4fb031feb64768caf3bcc37d1b3

SHA256
12a08e2d2aa262f3c5c8ee15d3aaf54fe5d462ea31f2be71aa8e059dbf54c220

SHA512
3ea66db457a738f67136ace71f2cf36a218ee4ee3c21e4c327bd605edf94074e1cd79e5ef8cdf8f485e22845b0ebfc6f1880a66f3b540be39219f5513c0b749b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gta5grand.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1ccec93231a10982a1dce39d1953076b

SHA1
6c10652933642d8c5ffd89fbe34f375c87cc71fa

SHA256
f9bd8c282c7f5bad20d14a1807b97589de07834061ddd8eeb93010c93ce84cb8

SHA512
fcf487af6978b258826a529902ca05d3faf2e432146c6cdcdfa21e0a8238a8fca7bc493fefe56a64b2cee9e5a778cd63b9a4210fdfcbf01b1da2c8cb9ae1bfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1b72de6598055a1872de3852b64d9ed7

SHA1
bdcb1e0111526adb858087bbc7a39b7e0883608e

SHA256
1fb40fcedf6bdc8d126386da30404908647032f96c699335a7e7d91c8b64f6ff

SHA512
a12fd0232ff4b13ede775118d75032ef7ef71bb47a9a76f19975adc852392fd50ba4837ae8858bc3f92e7d68ccb48b67107078f1793ee00aaa5fec730b6410d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9eca6b7242f9c53cb18394982c1fb89

SHA1
7d6e1969266a5913225c2b9c3b47bc016f60ea50

SHA256
81f3821f62c73a62fd3f86dd2c51c820d58a123a8df7206b8adf40df1c602a3a

SHA512
f990230101b37e0a221d63087fff0558f01edb991671910c1126c75f8a6b9bb9c834769d37058ecd42fb89e905cba07b8d075b6ad60393f3fe73e34b27c48ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
81a9f1d19cf3590d924c57e072ebd12c

SHA1
0e8c3637e4c44eaaab3df33e29c165d02c7fbe31

SHA256
1fba1da769bf2ae9227a6221b64278d666a061fe91b251ee0dd71eb87ca883ef

SHA512
7a4e75e920a14404a486dfc9aecaa802e105c9d9039d1cb8e62c5c408a3afa78e0a4332b9c89cad1334831d4e62bd668217bcd9169eb3a0429008a18f7b3e942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
835df79e477906270999a6e3ac1a9fde

SHA1
88cc46670e09276a47c796f54e90d7f1b73cad7e

SHA256
69e218a80a12f5c121d40dd94500d75bd60b660a2e5535e1edb4d4acf15f1753

SHA512
508bcd7b30c467e7fd2cba4144c277a34fa107c1a347313c99dd550df83616502a8eadd6c74a31a2f62d6a3b9d13804ad6a2d764386c7b545303d2d451b605f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
737773acfe7ef56bb4aef1d1caa831f4

SHA1
02230b24a3221e8b058408fb3800d3ba8443b281

SHA256
6b75f3357c71191e9965ea0ef5f926a6d0c73216c577797a23578b5e79f9e0ce

SHA512
7a302f55f5ff1f2009ee8719fd2873f5b7bb7ff3e5c8ff381e9b77490e9eb8615a2015bd885ccc0adca64955d2ae0d1b6c40bbb3b4c12e7eea12ae6df8b8b93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8f64d9961cffd013b389f2178973dc3

SHA1
2eda1bc98a3f867d5690ce5996dbc0df9fc55404

SHA256
ee1ce67f9d37bcb4e80fcdff382fbf97ac681130a7accd9088e5d6728761b30f

SHA512
d96a338e9c988c4dc433c718b7c74b327232f9a27b7ba515f6eb65497c612ce15c6f8a66752ce37b576e7bd91597f29c4a496712792d4b8e4edf0529121dbb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8bd8ff75fe08ae79c243d439a89b9f4b

SHA1
bba2452117b3609674ac059b41594a1fac1cced9

SHA256
4fd91035e46671e47b02e0cb788d0ca871247923624267a6a2f6156fbf233b46

SHA512
7578c1991df072c69e1796d0851ce0ffe382e056a29f543258046cd332cd23c91482161ff87f5307295c871df445b0c0abe7d0092dcee5a1859421318134da83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4db39397a4808e431c771403ae6f85a

SHA1
c1a02bd9dc46429328979ee3778348a2f0fa9bd6

SHA256
cd0f82a21a909221e395a28ad4c63f5c46af56ef95feadc27b59b8c5b009f6e9

SHA512
ac6a6757a925b03b919346d500e67ae40fbd7df01d9896c70938e706b524dd36ea47e901e8085e6c564c1e71c06f27a90921a8d9b5d609eb8ee261a2e278f408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
82c46bae59aabe187910a667c49db3ac

SHA1
d0cbc76363fb0db4cc8163d470471333465c41cc

SHA256
061f89fec078668f8a250c59da87bcef29ae26e72408d1b3f655a1b4934fd415

SHA512
60cfbb153a763da244ad07854d2257f9138090de026b49ec814e5a4d15ccea956728731f7bbe760d4b25e31cff2be9a0e886700d434c17bcc1434b2d2015935a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
075296d4d7f769ca935e0bd275a38bac

SHA1
cc692cf387d6a6f536ebb607f79e0b7dca6e09f8

SHA256
8c8dfb4d7516ed6a14807ad31c77f4ff91cdba4084f34e723d7913476b87af09

SHA512
4d3524a6ec01f53bd04de3006627a9c5d489868dbc66909d71dba2d377587a57621065d325ff1975a93291a1bf3bdc015e19128f656774e5997ca15e0b7e03b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00db6d8edab8d5fa885f0b7d6302a12b

SHA1
691290fdb0553c71c49f37865a85507fcbfcea1d

SHA256
b2a11e25a60ee6cb8b757fd6334d6538193201cb0d439f6421aec4353f7c058d

SHA512
8bcfa9cbf7759ddb81da1811780e8a318245163c126e43cd5ff48ec6daa518476a032aba5782e9ab7bd5ffba2f6f47db336f975778d514c0f55e129fad9d575b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05b9460468194c952f58142e91aaf7fb

SHA1
059d5f6000ed8c682fd6a9aad29cea57b5ae7992

SHA256
8967122be6131ceae09f9f1eb2f2b88bd34e24437d68c2905822e0acd3bbf02b

SHA512
b1d2c587237fb721f7c6ceacc57ba82d66f53d8457a8f703f1b6e4cce5e7f34f7081c24a85c1d7557fdcdfa5c0b20db0ed4e408461629fabf64fe5846ace104f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b392eb381cae83f7ebdfcdd39d286ea6

SHA1
f51e48b4c151823a09ff079a12c6bd41522929ed

SHA256
79495b756789666e26ea110bf95da48226b8a3bb32dbbf7915b68a6b76f19dca

SHA512
93aee3f46e577c1efab36d72557e9f64cb0e3824585d32533966a4a70a6d6a2f8900085a8f0df825cc4e52f885786118b5dd940716746b5c44bf9c2a6e0d87b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1c833befcd631feafb9615702ec2f341

SHA1
0128a2b6daf9531491765f5775160eb65fb5fe5b

SHA256
6fa878d8347e0266b7fbb46101d52d8b4c11ca929e7e73ef0bc3023513011824

SHA512
49803bc37b8d51100bd875135aa1c34e6f74e455d05080f6caf2d6ea6a404a8ab90cb50f8f7caa6cd89f70485c52dad3aec650479b300c1e61e33881c7f45817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c80e.TMP

Filesize
48B

MD5
ecd170b0db4c4168a832f0493676dfa2

SHA1
ba574c69c45718d78b7e0f23eedf0bedd8b08be0

SHA256
d9d1cea70babcfd87b7fa25514a7e767bd25ebd6e074d93cf3b3bb6190a798fe

SHA512
44c5ce8407e1dd2d7151ad2a8b292b3cdbbf2fc890fff9c1cdaf93cea4e68fb8228f2343410fa84e301b579de992c2a6c33e747b97a015fef23043b34b47bb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
623277e1ddd8c576f338a8c0196a68a3

SHA1
faa94f0294aff35a8716cc6582018a4accf08fa3

SHA256
bb2fc3310226fbe1ebfe8b36098c4e0cd77f4f19f65106ba2ecf1d318b61a602

SHA512
1f78ed968810a6a97140417cc86d08befc06522a203cf918e57529608f9903a57f119c70cf60bbf2dc763366a077fcd92af660ff9872218d6fb4c99cf4fd8e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
302c3275c155a628a1fd7702612d615d

SHA1
72ef222b046e3befdb09c156dd0cf6723f3b4771

SHA256
6787593fc62c219eb9da72e6427ea542de53708d6c6a9a1687f78039d6ff2fe0

SHA512
d14531b091e364cbd5418f40389c6e3cd9747ef5f8412a06619f549f1ff7a42146da1922dd514e6c5729515582129c21341305f298ca187ab074fc667bddc95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
de4db02a08bd3df371c28ca465f87601

SHA1
66a19b0b3931975cd1f3e4301598c8f0a9433d38

SHA256
b00c895d5c51345fb6597d5beed57362805ce540be19c078e5213f69c36cb36b

SHA512
6cb9abcbfec632cfd9b37704d6cf1c689d7208286a88b9647c927cd7e6ce7339517f916334419f3c888fa2f541776d3c4edd2c2ea8bc4c1c12a2e0a452ca7422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
08aed3a832fe51897c2ea2c0f1d32f30

SHA1
7218466991ffad6ce4301eec9fa524df52b8347b

SHA256
0bc982768b93d3059a57d640a9461e52779e336afbfe3358db7c79c8d3eeacc7

SHA512
2cd7dc8b6dc8d2d9d5f49a8b0a903c724333a3f187b958c5e62f52582fc644c62827805776e7279af35a2e4ae0c03b176aa088047dad180aad6081c66ad63d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
675f5c79aad0a1278713f85fb575f24a

SHA1
a3168b58e3928f522d08d4a75b6d2e3a2d2a9691

SHA256
91669c4469a344dda394b793e22612cc762ccccef6a9735ee7003fe975ba4167

SHA512
8b54ba5668a1945040d84f55e80178506a2981c2559d648707ee33c9ca186f0216e008b35bf047c3ae0a831a5cffe2e925145094de61adbfccb9bd235589d2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
918a10827334943bd8650f1fb497281c

SHA1
48e55251d995c37e9e1134e0303d2e88dbdb027e

SHA256
3a87c6d2c5cc57133f644f7d7f2f9e2b77d0471f28fcab59eac0fb912b446146

SHA512
eed6f91e93423116bbffffdf01cc38c947ee913b14b761826f08fc48938dd21f39ae0e8bc76489cf4e6e884f4dc23ba491f20c0c7596711fd69b4425634d8ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aca0b6e5a01a4e3bf2a7546fc80bab66

SHA1
0b9e9931f060ee4ad6a7a11b1c990d39cf61446c

SHA256
75c2ccd30b27329094be3fb7a80df22e2dbcbc26ce4747492cec71e29649833a

SHA512
798435d047915415a416c87e19a21da96ad76b23fb25ba90529ae3afc837489361ca0157ca897ea1c8caa71b4396630148464ed668a8f206d0a85712ae3fde56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589b70.TMP

Filesize
538B

MD5
528bc12f837ba1e9c06878eec6f13fba

SHA1
4e30f3529c8a69cb7cb4ab9b8fb5b075d0d229fc

SHA256
24e07154f566165e366d5bd9544d7f6120bd867764405d0b33bc7598c02336b6

SHA512
9b41dbf510d3f0bfad94b243d4dd3b3edc9063222bb190ee763fc96d82cec5fdef227a8b95418fab364a4bef6d2c97bd0f98184c9460c251cfbbae88d1e49f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f1ae6f14e44914907b3eb92b231437b2

SHA1
8e7586386907c15b076ba6462c841ec2046166c9

SHA256
7820c1805cf6783d5caaaa801a56477de612a78416139917267907b12255ea6a

SHA512
1cebab7ea80b75acfddaa3316539a46ec9105fad97b8ed77d3883bef21d615991365483eb6ffafb7a6bfcee3ec325dd2341721403a280e0c1f5eeb6d1c595007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a6ba51c6895a75bafd956de8122c4c3

SHA1
a04c055bf7ecfbdff317f758984e0cb85152aeab

SHA256
86ae437e8b888cfe9a334263338c6c96cee698d1649edbbacd1032cebc86564c

SHA512
6f4f39279968a2d0f53eb7fa7f094ddc1ce2ba3f45326e645c5c71cb3580073e5b033d48dd72dfd93194121eae8af48cdcf150abd049bc5af9b7e9e0c5099257

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 947466.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit