hxxp://www[.]keyhost[.]gg/

Resubmissions

24/02/2024, 14:05

240224-rd28xaef31 5

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.keyhost.gg/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3054445511-921769590-4013668107-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3054445511-921769590-4013668107-1000\{1987196F-20EA-44D9-AE64-DB41E5948A31}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1436	msedge.exe
1436	msedge.exe
452	msedge.exe
452	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
760	msedge.exe
760	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
2528	mspaint.exe
2528	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5112	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1376	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1376	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2528	mspaint.exe
5112	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 2616	452	msedge.exe	69
PID 452 wrote to memory of 2616	452	msedge.exe	69
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1536	452	msedge.exe	88
PID 452 wrote to memory of 1436	452	msedge.exe	87
PID 452 wrote to memory of 1436	452	msedge.exe	87
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89
PID 452 wrote to memory of 4944	452	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.keyhost.gg/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe705c46f8,0x7ffe705c4708,0x7ffe705c4718
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1324 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16017260756727900214,16280457629469337593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SkipSave.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
16KB

MD5
e99e5703b5b556679c69844b0dd09b97

SHA1
010abd855dc2ad5aef04ed0bd203efeff22d82b3

SHA256
f6a88046f69b1a4795b785f5278ffe1884fbd756019bd7795d7cf3ad50de3c5a

SHA512
250f2153ff233621fe52fd13b453dda43c955723f07f6a44c4a84aa92c1e26275732cdd630bcfd12c6eb2ab6983dc52e2edda7e6e87dced91999a337d40978ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
30KB

MD5
452cee87a193d291cf0394c0a8f961c9

SHA1
5ed43fad7737f776e85433d7fe7aa70d37eb4606

SHA256
6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61

SHA512
355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1.1MB

MD5
d8106993c2e1ea8402b6d383159bf400

SHA1
afec2f70dddee7abc9a6241b923467a79a024a8e

SHA256
24dde830c99b2763bc674354c8bd4523150805784f1e78dc89795cc7408449f5

SHA512
b0ac8fc42766cb05695782780e6b71b6c3a39327c2038ba75f18975b6bdb969fdbca51d74ca116bd048042650888193e8c7e238ce5789d4b115145073da4c75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
212KB

MD5
4c2bbd143c5f215e770c1c5b3e92b79a

SHA1
30dbf6b6c2cd031378f1191c0b42a24f3ee2128a

SHA256
8da1252eb6a8ca086800324302a78b4e0c77e4c07a49d96d254283b77c198b7d

SHA512
d7780ef1b46d25730e296f9cae8fa5c4bd98f3643f6da191658da06196352e05a96ea3e94478a9fb07422605c9bc08acd3b3224450c935e5afd5da6348bfcbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
47KB

MD5
7cf459fb6a385376d557bfc91d964087

SHA1
43df1c5a3fd47487a815871ae01ff4da157bcac0

SHA256
6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979

SHA512
a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
777KB

MD5
8318db8ce08e20961a259124b01ed12e

SHA1
cf66e2d5683836cc4c21369d3a422b4b9c177238

SHA256
adabe0cd0f13b34099125f1048d14a62bae093d484f41903f90da8e4ff23736d

SHA512
9737ae97918ed8c36856e29908da81f1e462f0ef7e3d3f742c634e3ed81b6e60d3e9225fea972def48ccda01c84c608da16461acfe7bef1e4ec9e24a11a164b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
55KB

MD5
ae46b78478d398b955a2e77ec33fc2b3

SHA1
5af773b2e30e632499ede982b6d26d9832ac3475

SHA256
9b26788e4a4720b03ed0d4ed0f5d08e8741ae34224cd1eef205506f0a75fa9cc

SHA512
cfbd47da4bfc6b1f45e3c5d198fe380daf4fb7b4c2cf15cc8e5e40e492c61d882b14ea2863801ffea246db2041ce64176b05093720307b33cd434dd2c4f985a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
44002ab51b8e9cc4e86049d582f1622c

SHA1
1faa56bb59f8b9e338d5667b125d997420bed8d5

SHA256
9eb8ac5a879d4ccae0f95c82d8326caad276a61a8a82f67300db51a61bf332ed

SHA512
ab50c2a9c0e3b8ec4a76eedce6731155d53aee3c0253abce7d989526f0a739433c72616bc0da53ed627b88e2b3778d145f4b484f00a1312fafdd612579f6eff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
314331b72bac8f17acb44ac8723f193f

SHA1
c551ffe2c37818d58514931d26224e45fda506db

SHA256
3330be3840db466c0ce26d0bb9a3f7f8eac1cb2406109ad9011f54a14f490230

SHA512
0fc8748e8c857fe99d3d9180b3920fd96412688db85d7b0a2ab64681c03dc05099e6e7a04db4b9832c4b793d24a07bd48ae1ba314565b3d95c00622924a9fb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
23cf91d76d5874101ab3920514133200

SHA1
9d0dfb14cf2f75995e4fb82a8db7e4842373afca

SHA256
2bb5e04b4bd34a649c5d4d277ffbdda7cc19257f4990c6c0b64ea6cc6e8bb719

SHA512
8b21ed3dfff51ddc5e59fedf0193d5928305d45d4300e457bc80edd8657ccf55631a0fee2d06d16d5fd64b54ce5f3c665b0681eca4aa708778205220f06be7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3bfdad50038a666fba42ba891a93b3eb

SHA1
9ab9865daa7118c6bc1c3ab12d560492227b026c

SHA256
a3a6aac99a8dec893b7424cec7ef887cbff653d8d2f2501e64675064b4e1c897

SHA512
9e7ccd8aea96a1a22e866ad11a52581760290bbbd2ac937c60e3abac5fdb2a38e2aa45d451313a0f44a554b49811b56da1d6b45381601f2c6cf47ea894a0d337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
559B

MD5
88bd1595e06b0a020ebf1b04d0fb4caf

SHA1
3750d7f33afba8d83e885e35d26587115088291b

SHA256
9600a8341b6d299abaac86ad5a7fa7212d42fea18e46de38271c080cac2957f3

SHA512
4084eaa1b3fc937a9f99541365aaeeee2adaf0757bf2ee18dde01971803006bae8aee38c6f416840695a38eecf4f1938ffcac8a0352fe798b13aaefbb50cf4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1a373d8ba703f42100daf7ffd3502cf

SHA1
e6f305dbbadced374f17c4413f2b861475f4d675

SHA256
1fc23cc05fb2a3b1f842636aba151716ad5028ba7029059ccb56f26983dc19ec

SHA512
8b2307aa770aaee55141bc3c0d1edd37c7a59d4a073830aade169ac27ad17a6ea9878d5487fb58fb8281900dea7d0afa103e42c53e80cfa5e9f8263cfd44cf3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3b37aad8e4f72419fafe78dd2297a23

SHA1
4532cfbcc8b837f2323210c4e49d6379507c44f4

SHA256
4746a40d4d47267d109602b79e7a304021f8160c6a9edd2dab436243c98cf8a8

SHA512
294bad0ba1312c050550e9cefa644e25631e4390036316f458e9610be9cdee1c08ee81e1e3e06b9fa62e208f795d9021abfb8ba31e145fa563689e0befa9bc2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9e92d3dcddcaa090e5766b5e5f65882

SHA1
d67c57a8370287d1d82704fc366d5b22fc57225b

SHA256
a4d61c2d855562ec0bd393536b6cf80c039dcef07899a81c431b1d948585f0c4

SHA512
2510eb888fba618e09c2966f8dcab89db8a491e83a303de7d5f9d50c6ba83c84765e6e7effe96a6426f107caa533785eac726cdfc687ede61ee0ea667870d65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
853b22b6964edd3b103742fbedf704ec

SHA1
83ecb88d8fa124b9773f3f1a22dc9e5d1fc76513

SHA256
95022c74720f1713e80de4f3c2636b7282d3fd527cc49a03f59b17b3b2eae951

SHA512
8f66a38dce9937e9d1fdd2632509806bb906bc5a9a7731ddb30bd99b8abc211d44e82efde85d95763e613c344c922c8bdd872b0f2c7fe9d0d41fe24228e9c970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4560d957f69eaf3b95ab19f5aa8db22d

SHA1
08bd6e04f37ee840a193b17ade97724716ad4bf4

SHA256
b0af28473092f1ae21542d549fc4d73a0185c5efb70ac2bb60cd4c226b9ca2fd

SHA512
f4d98c1fee9da13cda7fae1eac5a1562dc7267f531ae10ace6f54b7ebbe8bcd97bc158b4bc41ad8cbdbc825c8c5882545f3f4c70e24414d75d5953a274715d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a6f5ba39765be0b87fa0c7fc26a7ecdc

SHA1
492b0fa05c3df972066474cf52936f19a90871ac

SHA256
8e0a7dc99de9b1773347ad1550c1a407ccc5a1a59348ea4fd95248d023595c36

SHA512
43850e076f8fccdbc8a7edb8cedca7bcd3e9733c2340c3edb247747e2c6388c76ceaba9fab4a097f10e58a79ce3780934895b456ffed2773067e2839cb174922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77a13107d6182e3a4fb39a28fc9a0234

SHA1
105c9d9a22a0cdc467bc23ed7ae52b6de2efe390

SHA256
2dc365a74e38f6eefb75d0eece6bd03c99b43af9d117de9c4c0538312e8046b0

SHA512
5e8aba232ff0d28b8611ef7cb99f698fecea706777c94712f64c1e02266e8afa1f94d683b15e1272b674f4fbaabd8ca1bd30ff2afad2fd10fa7ad6646aa5f630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c01c2ec-6c23-46d9-a36f-b3cedb93f8c7\index-dir\the-real-index

Filesize
2KB

MD5
7248954de430d39c00fc390caceaafa8

SHA1
34f29045895cc624d2f92ae3a313be065a0bb441

SHA256
b2e828611464345cbe9bbe3a9ef6411845a450a74c66620910040bd5f28f0130

SHA512
2d4873a9333d9dd35a1db8ee963beb3ead025f9f7f195d74c6d66ede8a39b38844ea1afff0f3d427c7f5746a2afdab7429b93892c105ea5d091110e8f1453a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c01c2ec-6c23-46d9-a36f-b3cedb93f8c7\index-dir\the-real-index

Filesize
2KB

MD5
fe71072f7bec125309824c2758246f38

SHA1
c9849c490f9efac865aa9de11d50b9febf75e33b

SHA256
c7a69df6ad0379988d010efb371d4bbfb10ba94eadaec3c17fc847aae655858e

SHA512
52cba2e1e92c9dcf9ac3ff9ae520a089dca2fa8924a8708004a0d070b3e214dbbc44a213b11caef70ee80fae1b2c631ee1610b28162fcab3a7379af77873c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c01c2ec-6c23-46d9-a36f-b3cedb93f8c7\index-dir\the-real-index

Filesize
2KB

MD5
1862c2c01db487ae761329b571abcabf

SHA1
1d5496f349a807d9613ff268fbb4bc9dcc79c239

SHA256
97919013d75772c07cef3057cdb3ae20920f4b656f22452aff3f7111a4fddb7c

SHA512
3762838175d95aa60feab4f1d888d7cecac326ab7714024cbbfda0063d79b6d280d0043cd79ac1ac062becf869ba1371e715ff833f04c91503501ab2a6f134ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0c01c2ec-6c23-46d9-a36f-b3cedb93f8c7\index-dir\the-real-index~RFe58cafc.TMP

Filesize
48B

MD5
ae0d8f18f671b5a192ecd17a3276990b

SHA1
76a8a1600638b5f6a342c692e2c7e8a141d2891b

SHA256
42b6d24acec27221884722bf62d0d64d00693e127ae7eb27c80038f24114786d

SHA512
cc205ccd78e5b725356e5cf23d4afafcacd54fdb2b66f0937ca5ffb428f6d728c97c24ce0675c86800fb7c30e40247af4b1292c6a44befdd71c6c3c777b7f075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88ac4d9c-0295-4a81-ad2d-89f86517f72e\index-dir\the-real-index

Filesize
624B

MD5
d19d9096754bd4d0903334fac1e65ba6

SHA1
e5c4b97d9b502bdc2871bfeb1ccf578ad6f379ab

SHA256
e865d097ca2f75621ece828e07fe82c1a4b6d563e1beb0e083a55b5f1f6b7024

SHA512
2b1aaf2544c37ff48a7f0694b7964e25bf5f4411951de8b08972f53f33c691c254164b567ca5800873ce9c1c222fbb4c13bd79d00fc497ad45bc1ee3b50fbc06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\88ac4d9c-0295-4a81-ad2d-89f86517f72e\index-dir\the-real-index~RFe593714.TMP

Filesize
48B

MD5
5d091ab2435a5a6b82ed7959d851a2f9

SHA1
9ea08e2a7575d8937826cd07ddafd7c5abba8dd8

SHA256
82ecd27d0603a10311939a7cbf1e1d8ae1a27aa68d9ed68354b5067e2093d5ac

SHA512
7308f524ab4acd92b91930cb80e5a4357af31f2de2667396bcafcd1b6eb6ead03ddaa79626485f6be53dc1409ca07562771ee8bba589890452436a51a615a08e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b095a6d6-669c-4299-9270-a065f6982f2f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4f5ad01d6eb86a64b723118465a22cfa

SHA1
5a4023970d8dac86b538c67c08dea1f1b79ab93a

SHA256
ac2029cdf922af014d7abbb44ed7a0f163ea413419d4e8185f573003f2cdbc85

SHA512
6e27c9fb61522be36a491db77044352f7954647d8ddb1234f59b5635a62e3fab9ae90e3cac54694ececb895d6a9d5469e92dbcb2d77562baf59d2fbc1c05b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f1ced3ffb1fc6a0b3584c1a8dad836ee

SHA1
7dca71f0da618ba7ef8c60b166f97999666e3efb

SHA256
8705fb4348012d16bbc0c0d0ec65a11e0f7d389c7dc672f8d27f1a89cecc3da1

SHA512
2c8b2fa73bbb31820c496b445c8fabaa8386bf15e6166eebcbc6a869b3ab9a970d3b7f81c4961fb584384cadeb7e89ff0c4f7e9e7ca9f98916ec1586a8c59ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
a59fa47dca13259177804f7a3a241b8c

SHA1
983f4f150599e27431ed5594ca0dcd3bef758df4

SHA256
8515d6e201c5384ddb2706768d278da0950f1fffb730a3564e47f4b975446723

SHA512
adaf50f4d26f1c7c190394be387997b1df0313d9bfd21ea0b1b0afd669f8d4d9d3a124532c93979107383e41e5e1d5bb404348ba46fe1d7166c6f80123c85f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
16783e99894a3ce17a388d6acdec20aa

SHA1
5711b7dbb0c475fc5877babe459ad2d79a576b8c

SHA256
b2ab023d22d8450e4cfc5a79f0d4102a5c949827f1ab92e11dea414146d340b1

SHA512
7998e9994cae081453ad0ff296a80b453d3df57b9f906153181d038714914142bf525aee224b6b98272ad54e5873bb2d0ee5d0ab872eb1ccc5abf915b8a47766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
cd50a2387644af4ea04bec36fa1e0ca7

SHA1
fc3c3c2f039dc1a3a05b8476aa9a01e71539d227

SHA256
b840648558dae96d6780037c5cbf9e445164427f44a81e246757023b8be55feb

SHA512
c466b5b84f641514d741d900de6fd248e71413f3cc308f5ad3789b158ed2027e5df218a5ba20e895bf573272d9838a272844a737630afecc42c8caa55caf196a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
872883f6669614c79fae1490ec4700f9

SHA1
f24142a6b12841428f5d8b6a128c4d1a71be7505

SHA256
8abbddc6125e5c7c2bb1ce13b2a85950beb47be1ba616619845c705d5038a77c

SHA512
fd0df51bb73bd961264858aa032537738cfc1aaf3ff259c52459911e5eb97c4036140f9f2db98ca274e77738a14040a62e37610b41f8fa867775f8aafe75b41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7dbc25e1c3690204970b768b71aa17b2

SHA1
50ba57cf7309adb4024023c927c133f5d1fc0fad

SHA256
db3da862d47b982c4daa12eac08c67214cb589ec478d34f8fa43a9e5e2810663

SHA512
c2a54ebd9a69c7ff7c8bf6cc5d8c17f7e885e3e23f23cdfecd040f6c8b6987d4e56c3f4c16ac7689f283dcf6d8c5bb6e4c33f5af536eebdcf7621fe4184cd1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
95c81aaf615a29a3c83704333328745b

SHA1
10f720f73f2a9d69d68e3a00ad4cc0f7fdd69658

SHA256
ad9458cda7177387bffb7f0f423ca22ac50a277d2ad01f2a875cf03d1e29b400

SHA512
a22de272594a7981eda843fb252f164877b1a2d3975fc5ffddbeda33f57bbc534a2071245d6a319f5f29795824009d4f16fc4ada8d7c84331f3e5ddb6360df1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5923ab.TMP

Filesize
48B

MD5
49c845af4618a3a3b20c48c14cb02735

SHA1
a978ab24e64393ae84e730578cdb631c07ed74be

SHA256
a0a373dc8a59a12f073bc1588f74d98b05378f288bf12e919d1360b5f660b00b

SHA512
3f23a375df5d84d196004074e0fa65ebec420f9510de887fe26a5b062061c40e65dd38a3830ed9e76661c60f00f4486faacc1b8c1d5b6a85a2adb6c352b7680f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
f636ad82aab5f57d60e36068140763ea

SHA1
07e38fb525653207f90ab3aeec24f590ba336db3

SHA256
c803a6a7ee143358ec2727ca3ad0d40f92eb5eed748afb69c43616d08d87e5a3

SHA512
bacefc9ac84d92c9492fb925e372f54c8c2942c9497db5864b7b3507d25e34681f85e8c5d6477bd281f6ec71a0c3ae124a33c4afe9b897fcd16d1026845382a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08024cf939cd648314f237394a538b38

SHA1
29f4c6c63bb556441a8a78185dfec3297f310fcd

SHA256
52b435fe43f3f6ea02c7a15812e7f6b9c59ef5ac641b379f0e7f8acecc414951

SHA512
299d5d40fc3202403c26d22c8c5c0cc34100c973f80c530cd0a3dced808ecba79bd9e1acbf624bd71e5615579414bf8514b119b788c4a49eb20ab3504d2e0410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8571356c2c3a6dd7820b74a48457303a

SHA1
932fa4f2d204e99043a1694829fc05b135333b4f

SHA256
a0a34e442dd13893ff677e782e633e34d39e81d81fed17c951f91a7e4973c169

SHA512
6ac2bc9dc28b5d458692aeaccedbf48255227c07760138f5baadb738748923287ec794cdd94ac4b7820f1941d0d16c047e0b91364adf344c14e43f660c1729ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79dc9801241fa79b40c7ec6e02ed6740

SHA1
53cb6c3b49a1767bef05846bf4417eacd1e7004a

SHA256
7d4d7587bb41ac1cbb7cf93f048a01150bdc8576a30a7600bb43b7ceb99b2a74

SHA512
3b4ab8a03ed90ef6acb80a40b71891679ed0a76bab883ba20de4a7d9b69285ced63f7a05526e6e62d83398604d09aca453f059d56ab2a0e55a94e3ed770fa9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4fd0e166857ce82e8b51dd73960cdf22

SHA1
5dc513ee8afe16349fce6dd5e38dbd0e51163c44

SHA256
2dd4082e9d72edc0a46d77624a2d49bfa2f7fa5d97bdb6980a675e714bc6730f

SHA512
bc03effd01950bdd291b6ed55532ff2708dbdfc73a6c3c3db159bd785c4627cca5a51c52bd3cba724239d919b6c1add7cb472b39820fa5c53b047e3d8307f8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
9bca3d7078eb1b6371dada7ff93f0302

SHA1
50b8bea4132dcce9f7760dcd133dc9ff62c579a8

SHA256
796d83364f37c8b19d114ff7bee8ef7157d0c8468957262515ccc35035550054

SHA512
66e7cde1d32463e23f0ffc993d00854a1c3125935f1d00d3c7e7bae7df38cdbe76c3759d6d2fc471f35aa0e211e664da61a81a077b4a69c25fcf3cea28899ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
803a67317dfd504e081646deeb98a171

SHA1
e67a321ce313f9d38201c10be24e61060f55a0f3

SHA256
4c7fa14380fb353f0b411bfaf3797d6099cb13e16654bac4dcb9c72293091466

SHA512
271b26baf5f4074a9ab966121083e25a68f6c0d05a9f9c53ec4b015f48010ac3ed6c21252275a56eb893e243f03078cd071294c9bb4c7c08bd3adb5787fb130d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf75.TMP

Filesize
204B

MD5
b92ea3af49af12a5497124f9c050001b

SHA1
1080cd22fb4caedb3c8baa922e5ce73422731f95

SHA256
ea9c4416f95129c42a7815cb6608cd2279cb021e11c01be2b226369615f431e6

SHA512
01c3a8441a920c7988f8593b9c95ab85377525e3b138a83b319dc1336fd04d9a79bfb299fe9751c94e49e312c6d05003258bd67310c7f042987bb8d3b0e87b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6a8b5c8df72cc9b99132995bd7fede4

SHA1
698a05e5dff8a0c71113aa5f49892e9f8152cb31

SHA256
0ad716c5dc898349c818188b12569e2a65490f7ec3bfb07130e3be4521a1c66c

SHA512
a8f20f9e7a46a23fca3c013d4a4959161011c18e53b1ef45c3a4659359888dee1751d837828d4bbcd3dd97ef1a24176891cf8f9c64ed82bc3667571f823614d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
685eea6fb87689c1094ead53a40845ba

SHA1
fdd30ae71991abbfb952015e192460bada029f12

SHA256
d1e7c6d2e313af464504e7c7ffa37b3da274394e66d9ea705306c97f7047018a

SHA512
3e64e1982cd2316528aa10cf406b44c971d90c290b6525962b87f412b543d7b9ac0cb7996df8888d6bdd5ea0f746dc2d03c9eba59bb2a747dc925b25ec16c96e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3264-1410-0x00000204CDE70000-0x00000204CDE71000-memory.dmp

Filesize
4KB

Download
memory/3264-1411-0x00000204CDE70000-0x00000204CDE71000-memory.dmp

Filesize
4KB

Download
memory/3264-1412-0x00000204CDE80000-0x00000204CDE81000-memory.dmp

Filesize
4KB

Download
memory/3264-1413-0x00000204CDE80000-0x00000204CDE81000-memory.dmp

Filesize
4KB

Download
memory/3264-1409-0x00000204CDDE0000-0x00000204CDDE1000-memory.dmp

Filesize
4KB

Download
memory/3264-1407-0x00000204CDDE0000-0x00000204CDDE1000-memory.dmp

Filesize
4KB

Download
memory/3264-1405-0x00000204CDD60000-0x00000204CDD61000-memory.dmp

Filesize
4KB

Download
memory/3264-1398-0x00000204C5AA0000-0x00000204C5AB0000-memory.dmp

Filesize
64KB

Download
memory/3264-1394-0x00000204C5A60000-0x00000204C5A70000-memory.dmp

Filesize
64KB

Download