Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://joytokey.net...

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://joytokey.net/download/JoyToKeySetup_en.exe

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://joytokey.net/download/JoyToKeySetup_en.exe
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4116
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd67a746f8,0x7ffd67a74708,0x7ffd67a74718
      2⤵
        PID:1640
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2008
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        2⤵
          PID:3108
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:3036
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:2968
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4424
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
                2⤵
                  PID:3224
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2112
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
                  2⤵
                    PID:4292
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                    2⤵
                      PID:3368
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                      2⤵
                        PID:768
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                        2⤵
                          PID:2684
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                          2⤵
                            PID:4364
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5496 /prefetch:8
                            2⤵
                              PID:4356
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 /prefetch:8
                              2⤵
                                PID:2288
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
                                2⤵
                                  PID:468
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                  2⤵
                                    PID:5036
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
                                    2⤵
                                      PID:868
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5320 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2364
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5780 /prefetch:8
                                      2⤵
                                        PID:1940
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
                                        2⤵
                                          PID:2028
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                                          2⤵
                                            PID:4504
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                                            2⤵
                                              PID:4780
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
                                              2⤵
                                                PID:3684
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
                                                2⤵
                                                  PID:2068
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
                                                  2⤵
                                                    PID:5072
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
                                                    2⤵
                                                      PID:1944
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                                                      2⤵
                                                        PID:824
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
                                                        2⤵
                                                          PID:5100
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
                                                          2⤵
                                                            PID:376
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
                                                            2⤵
                                                              PID:1092
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
                                                              2⤵
                                                                PID:232
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
                                                                2⤵
                                                                  PID:4712
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
                                                                  2⤵
                                                                    PID:1896
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
                                                                    2⤵
                                                                      PID:2128
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
                                                                      2⤵
                                                                        PID:5740
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
                                                                        2⤵
                                                                          PID:5840
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
                                                                          2⤵
                                                                            PID:5928
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
                                                                            2⤵
                                                                              PID:5260
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7596 /prefetch:8
                                                                              2⤵
                                                                                PID:5420
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8064 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:5548
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4028 /prefetch:2
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:2148
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,3448478330959908690,4146063489632079501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:4540
                                                                              • C:\Users\Admin\Downloads\JoyToKeySetup_en.exe
                                                                                "C:\Users\Admin\Downloads\JoyToKeySetup_en.exe"
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                PID:2860
                                                                                • C:\Users\Admin\AppData\Local\Temp\is-PBQIT.tmp\JoyToKeySetup_en.tmp
                                                                                  "C:\Users\Admin\AppData\Local\Temp\is-PBQIT.tmp\JoyToKeySetup_en.tmp" /SL5="$1601CE,1476397,721408,C:\Users\Admin\Downloads\JoyToKeySetup_en.exe"
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  • Drops file in Program Files directory
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                  PID:5296
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:3916
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:4844

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Program Files (x86)\JoyToKey\JoyToKey.exe
                                                                                  Filesize

                                                                                  2.0MB

                                                                                  MD5

                                                                                  e5bcb714b9d68405eefa6e72d409d830

                                                                                  SHA1

                                                                                  0f48459f4afaf9b83dac372864691d0f6d595d43

                                                                                  SHA256

                                                                                  565721fd39b38594d83b2b2693ee215b8ab03312750546380640aa7fa0d22903

                                                                                  SHA512

                                                                                  0aa7c809775e73c16f1d5cacd01be6419ea8cea7ea47f3fb298167011f94f562192d0f2bbe65461fd42a16e558c18b73516059d7fb224a87c09f2a33e76930e7

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  bcaf436ee5fed204f08c14d7517436eb

                                                                                  SHA1

                                                                                  637817252f1e2ab00275cd5b5a285a22980295ff

                                                                                  SHA256

                                                                                  de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

                                                                                  SHA512

                                                                                  7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\288ebd08-09be-4b18-981f-566bdda61f3a.tmp
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  b87f11d33273ab24c5b0ea64e8f489e1

                                                                                  SHA1

                                                                                  b942ac62b7308361ccc9cdaa0c1856aeb730ba73

                                                                                  SHA256

                                                                                  327ed6b0fd80d9852e0c509483417e727fc539052c7ab780ee9864613e72ba5f

                                                                                  SHA512

                                                                                  f1fa85eab88084c54a6989fe1d25a4107f5777265b2737dd2d40c9e79ce8ac83e8c8839295a35df9a33ff12712331c21d128dbde6b7c7b2e0713be55368dfcbe

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                                  Filesize

                                                                                  61KB

                                                                                  MD5

                                                                                  de88eea07eae84aeef510fb69593823a

                                                                                  SHA1

                                                                                  26cf9c9181ac9f00df34b6abf4faee271b057dab

                                                                                  SHA256

                                                                                  3002c562ce1f7bdd7bcc5e88677b67fcda891adeaf4f1913801302a1d4abc63a

                                                                                  SHA512

                                                                                  f69894bb1f2060407656eb44c22890dcf62f9b08747777f74e4a59d700749db3735c25b66eaff25e834d1be17ea739ef0bd1347f5cf18d5a059eda0c070246bf

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
                                                                                  Filesize

                                                                                  50KB

                                                                                  MD5

                                                                                  1b2f3b69c75cf0b952a4d123f16ce344

                                                                                  SHA1

                                                                                  e79237aa5ffcb16419075538af7a7ff458ce802b

                                                                                  SHA256

                                                                                  4164f63a2b0ec341d598ddb164c77bab7b038a7ad1ffba3cbb0040bdc6529c1a

                                                                                  SHA512

                                                                                  f2c29082e036439917813dc5c1cdc3c15ae52980afd49932d994426d428cbaf756f9cb8989dd8238d2133ccc7d164e48837b933c57021446b99779bde19a90b3

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043
                                                                                  Filesize

                                                                                  20KB

                                                                                  MD5

                                                                                  87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                  SHA1

                                                                                  eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                  SHA256

                                                                                  e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                  SHA512

                                                                                  37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
                                                                                  Filesize

                                                                                  19KB

                                                                                  MD5

                                                                                  88b8c44a182eb154bc8f8040f79f8290

                                                                                  SHA1

                                                                                  94548039b5b5786b7a281a8b1b3dcb3f3ff253ec

                                                                                  SHA256

                                                                                  f83d8f6fa5ce051745494429e6c7c0c63cc29d739612dbd9948e54e93afee2b6

                                                                                  SHA512

                                                                                  787f05bac5c7cfa30533dffd9a4eaaad4c8e5ac2576b0d9fd86ab59890a1fac713aefb377e52022ca8f601b70dec8afc83a287a27163a71e3a2e6253c354b592

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                  Filesize

                                                                                  3KB

                                                                                  MD5

                                                                                  69e6ff39011962eaabdb9d360150f5bd

                                                                                  SHA1

                                                                                  a968b65c86383347829d5d06fde9ed1b53dc269e

                                                                                  SHA256

                                                                                  8bdad625437e5de1f2d049e131420a80b5044b427f23f930f9d52502f81f1e57

                                                                                  SHA512

                                                                                  b7984414e3dfb88c2c0bdbfed54fb57e6ec999f4d2505a2de02bf57e4422f97e4446e6753d899a01c24b1f4bbc23f3d208073dc6241930a35449031ea4079c14

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  46295cac801e5d4857d09837238a6394

                                                                                  SHA1

                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                  SHA256

                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                  SHA512

                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  111B

                                                                                  MD5

                                                                                  285252a2f6327d41eab203dc2f402c67

                                                                                  SHA1

                                                                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                  SHA256

                                                                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                  SHA512

                                                                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  2KB

                                                                                  MD5

                                                                                  0f035c1f41fd2a6547d60ffec071d626

                                                                                  SHA1

                                                                                  b68b6cc2b042e05c1b8e7da89ca6a18634c8937b

                                                                                  SHA256

                                                                                  67991e12eb325b012d392aec5a9506479c31cbbf155d4e56c12739341192be7d

                                                                                  SHA512

                                                                                  d1bbb7f3f7343216a07db3ebc4f872ea7e328712b182d3c33c689e30d9d14c0b198a52100fc6d4122a37336d706ae4f7cde6c60248d2dacfba344cbd8cb9b558

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  9KB

                                                                                  MD5

                                                                                  b67786e80edcc6121e7cad05bbe782fd

                                                                                  SHA1

                                                                                  33028dd67cb2a7e4c40db11adef60d2f0af729d3

                                                                                  SHA256

                                                                                  7a1234334d452b155dfa77157016d9b986068e0213baabc839c77a5f4be1617c

                                                                                  SHA512

                                                                                  9f9ad82734ab655a55c515603c051265949fd6fad7470e85a9cd85b4f4f05b562faf24f807a450523d7167a7445e532803e6e7859d8f5a2a0b4df91b7b4f8dac

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  7KB

                                                                                  MD5

                                                                                  6045b269ab809d24f6ac6b762c97b5d9

                                                                                  SHA1

                                                                                  522820276e532a731d0207654f0a61c70a06380f

                                                                                  SHA256

                                                                                  8c180d1043774ebe1e070e725e937ee77a1d171178aea2b036c27cafd006b056

                                                                                  SHA512

                                                                                  0481af091b69e61d31c3fff466850d869d5c8706088b4fb04884708d93fc26b235e3fecb94e582553650a598d0739e017313eae8ab274890dccb7a32c5237452

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  12KB

                                                                                  MD5

                                                                                  101360664d70d69e3b7bf158b8f7edf3

                                                                                  SHA1

                                                                                  0955fd4777032f20618d2804c416810afaad0605

                                                                                  SHA256

                                                                                  af87bc2e5fba3561c35007989d3ecb60e90034fc7434b573567b98dd6515b648

                                                                                  SHA512

                                                                                  10bec0b156d92c1055c238161e9affff1ce0cc911d981a6ca4062d2421f37afeca09f134430a341f06902f26138a7c81f29f05a1e41cba3412c285c0876848cb

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  13KB

                                                                                  MD5

                                                                                  5c473a66b508eb1838e5eeba3acea67b

                                                                                  SHA1

                                                                                  77818354e7a594b0a28454d2dfe81228d5e7e70f

                                                                                  SHA256

                                                                                  5e4563f3e594a8699853e9062d3c8bc8304beb6b242db618c840de6670df078c

                                                                                  SHA512

                                                                                  d4fbc34239a8ddc5c0e2b2a68fa19b3ee0861ae3f25121bf85855982d8c1f3a0327d688bac76372d420110b6cbbf3ca340dd9d2064c658890f7b822ca91c91c8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  548337fbde269c5ac99e64f8a34567b0

                                                                                  SHA1

                                                                                  790a2b47c3ecc91a41570872794b0c2ea680e81a

                                                                                  SHA256

                                                                                  641584e0540106367804ee6dd4d667aed195d0ee9efd05a52379858dbc3b60b2

                                                                                  SHA512

                                                                                  8d0f0007ae0235697aea39e515d50657a8741f43e1e3c9d5b5f6b8f222eba139c5193b9620daad62b4305b466d9198a24d8cf3b648dacf4329237c41889069e0

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  6254249da832155063b2255e6810513c

                                                                                  SHA1

                                                                                  c16c37cabc63ceea162c16f1f244db4a2d1ed071

                                                                                  SHA256

                                                                                  66b01729c851f6bc666cf9bd84749ab966b32de7ad6ade85eb707df4a6349d1a

                                                                                  SHA512

                                                                                  858a1ffb81a4b0264772a292c3b7543c46d50c138943d038a622a2bcfeb6efacdb5cb33f80a09e15275f919f48cffce17c7806eb3baa1d7008b8450388e13610

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                  Filesize

                                                                                  24KB

                                                                                  MD5

                                                                                  b0ba6f0eee8f998b4d78bc4934f5fd17

                                                                                  SHA1

                                                                                  589653d624de363d3e8869c169441b143c1f39ad

                                                                                  SHA256

                                                                                  4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

                                                                                  SHA512

                                                                                  e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  3KB

                                                                                  MD5

                                                                                  c4f8b67957f0a740e8d376a7f626f0e2

                                                                                  SHA1

                                                                                  16c134fe78b3bb3e7a61d30bf7776c5ba8693642

                                                                                  SHA256

                                                                                  4da40f09df9b9fd26acd3e3c3a2bee614388580a739f695b6b6751fb81e3ad2b

                                                                                  SHA512

                                                                                  0429f6897df21412eac6de257ddce8fba18bc957e9aa686bec8bc5fd83c3d642ea9a65f6a6b7d464be4b5b211b1850034e5f2a9d81fe28eeb67dca5732b3ddfb

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  6c7b4791d0c1b48080a14898e164a8f0

                                                                                  SHA1

                                                                                  e7f8f1c5adf7603fbd62ddb4a99bdb0a63837553

                                                                                  SHA256

                                                                                  64e70de76fc70cff6889703f49b13f4db355842a85bb97ef19b1d8e75fc6bf32

                                                                                  SHA512

                                                                                  3663eb0276aa58aa085e814a2c42f055c6ae4c6976604df10c5cc182a595f6c5745cf7209e7014c34fae9fdf61511c91e5697312013f829b26d8d436306243ad

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  2f40d5c34aceea7c1b608a6a02b0ba9c

                                                                                  SHA1

                                                                                  0249e7f2ae01516050bce4edc1397c07c11f20de

                                                                                  SHA256

                                                                                  94bf3482680dad561960805a19d857ba0449850dfa13822d926a1b01a09aea4b

                                                                                  SHA512

                                                                                  cc83a16564f000de4b427cf873b189c3fe194f85db22b58389453bc83e5a2d82925c48c23b45eada8677c3016984947d990eaddc6d729c846b3412fa7f79d4fc

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  fe7588b8a551b7beb19de4e55c0fd565

                                                                                  SHA1

                                                                                  a4098109ef7e0cf1c75ae974330f7f1969d856fc

                                                                                  SHA256

                                                                                  b1ea20f265f7214dc0c25c56dab12e0334661228565a034df1a44d01fda5ce23

                                                                                  SHA512

                                                                                  1dbb703c59b2d3a907b48712f56bf258f163b0dc333fc6176beb0700e33af3a7222b0a319ec0cca07896debbeeff994f6a2bd47d34b00c2ca4970d41030d2cfc

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58606b.TMP
                                                                                  Filesize

                                                                                  705B

                                                                                  MD5

                                                                                  c939ebb23ab82d8a88ebdd9c10b08703

                                                                                  SHA1

                                                                                  829d1f55888f401e50a36cf99e8c6cc40049e4fe

                                                                                  SHA256

                                                                                  c74333c0b6df182977506fbd4843afeaa30e7649fd12843e57f4f525a71c5811

                                                                                  SHA512

                                                                                  a7abdcf5b8a8cc2a3b5fd1dab4442ec5c15be9e5c6a351c8e677eb7c2fd8a37ad5bb01b736008a19a1c189bb8d9752efdfbea8993d8aa6497c7a5809df84849a

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                  SHA1

                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                  SHA256

                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                  SHA512

                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  10KB

                                                                                  MD5

                                                                                  e194398f5e12bb11e63c08f348b3bc59

                                                                                  SHA1

                                                                                  111da1b89cb6c79cda857877f8b31d322c343af7

                                                                                  SHA256

                                                                                  facecc9e1c1b3ce6d80fb45e5ccece4cec5f5f64706f683ab7e66a701dae8bcb

                                                                                  SHA512

                                                                                  f0a043de66053cfb5708b07cc3ebdfd5adb24eea9cf18424835a612d4d0976326c0b414729e50ece7bacde631094cf629aa83276bbcc469d83d04cb1243edb99

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  12KB

                                                                                  MD5

                                                                                  0281bf4409a0219382b0cf24fdc1eab1

                                                                                  SHA1

                                                                                  533243139c13529f0260da83d9faa8055be544ac

                                                                                  SHA256

                                                                                  9a25875a8ee6d6f46c2ae03a6bc2471e88e5cd17a1bda15d738b27a30a6bccd6

                                                                                  SHA512

                                                                                  9d493db186be86698b0854f63c6716c8c8462f191d7a10e6d3b54c60dc39d952103aae496cd780070ad802cce08223817cfd278e993fbf084eff2482704f63f8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  10KB

                                                                                  MD5

                                                                                  09f451a26fe6b69be3393205bebbd34c

                                                                                  SHA1

                                                                                  b09f5124ffd6f39c19d09bd2a0f4772550c0a000

                                                                                  SHA256

                                                                                  41ad44d58b5f941c6ac82bf1e266d778a78affb2fffc59e2dc015a7455cabf1b

                                                                                  SHA512

                                                                                  a2c5da64af0220f40079c0f2c9d3db42a3be4e8b6117027ec08e30eb1cbc0b6e1b6ef9548b7853cf54d66d9d78e4c3aec2572fb9a7881a022e346bc998f6b4a2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\is-PBQIT.tmp\JoyToKeySetup_en.tmp
                                                                                  Filesize

                                                                                  2.4MB

                                                                                  MD5

                                                                                  8e2d270339dcd0a68fbb2f02a65d45dd

                                                                                  SHA1

                                                                                  bfcdb1f71692020858f96960e432e94a4e70c4a4

                                                                                  SHA256

                                                                                  506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

                                                                                  SHA512

                                                                                  31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\JoyToKeySetup_en.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  0994cb37d1d5816c694ba798ec534463

                                                                                  SHA1

                                                                                  75cdba170ec9039a2e117b029f73812842cf49bc

                                                                                  SHA256

                                                                                  a96d6c6f88709714d782f85e6956cb8a28c41090ff5042842537dcf68afde282

                                                                                  SHA512

                                                                                  141c458df8ea2adacff0a706017f80d01005d5094d054d0e867ffd64a1b619adff17f5412d067f9d8c4663cfa7d9233d7f03fdad38ab0d673880884177928c43

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Unconfirmed 724371.crdownload
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  260e571ad0ca16e57fa8b04a16ce8c0b

                                                                                  SHA1

                                                                                  5fba7452fdf06fd47c656db250b75ce14d30e747

                                                                                  SHA256

                                                                                  3fc050325d1af9aa20b32966442e3b104400da3110ddc1fd0597916bd878c8d2

                                                                                  SHA512

                                                                                  26258547bd679a4b3a6117223f9c172cef228d5f6a14478d3ce39b7534c3190d0e79bf1a60b0745673affafce3bf66355dd9ff0ddb2af8b981ad60b182c1b343

                                                                                  Download Submit

                                                                                • memory/2860-798-0x0000000000400000-0x00000000004BE000-memory.dmp

                                                                                  Filesize

                                                                                  760KB

                                                                                  Download

                                                                                • memory/2860-835-0x0000000000400000-0x00000000004BE000-memory.dmp

                                                                                  Filesize

                                                                                  760KB

                                                                                  Download

                                                                                • memory/5296-804-0x0000000002770000-0x0000000002771000-memory.dmp

                                                                                  Filesize

                                                                                  4KB

                                                                                  Download

                                                                                • memory/5296-836-0x0000000000400000-0x0000000000679000-memory.dmp

                                                                                  Filesize

                                                                                  2.5MB

                                                                                  Download

                                                                                • memory/5296-853-0x0000000000400000-0x0000000000679000-memory.dmp

                                                                                  Filesize

                                                                                  2.5MB

                                                                                  Download

                                                                                • memory/5296-863-0x0000000002770000-0x0000000002771000-memory.dmp

                                                                                  Filesize

                                                                                  4KB

                                                                                  Download