stormkitty | 3087eb38d111c49d652a0a26cafdde80f3504f841e503788cb8001d1eb79d435

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2025, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
Size

842KB
MD5

b303919a57b5635af5cd6bbf17642a7b
SHA1

406811b6e29c936f28805645f8d2510bb0e2ebc2
SHA256

3087eb38d111c49d652a0a26cafdde80f3504f841e503788cb8001d1eb79d435
SHA512

0bd599be708582271005e2f18c6d640dd00147471e2f65bee0d07e6866d01c71b0536883346614674e9858625f1a67b962832c2eb38a918cd0d6cd3edbcc91f7
SSDEEP

24576:zq9FZgv6K89zwCgGofKP0fHxwa01vRrSNKFkXi:oFZgS9O3SPxa01vRrSNNXi

Score

10^/10

stormkitty discovery stealer

Malware Config

Signatures

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral2/files/0x0009000000023ca4-5.dat	family_stormkitty

Stormkitty family
stormkitty

Executes dropped EXE 3 IoCs

pid	Process
4528	svchost‌.exe
4512	svchost‌.exe
3764	svchost‌.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\svchost‌.exe	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
File opened for modification	C:\Windows\System32\svchost‌.exe	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost‌.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
3980	msedge.exe
3980	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 4064	4060	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe	82
PID 4060 wrote to memory of 4064	4060	JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe	82
PID 4528 wrote to memory of 412	4528	svchost‌.exe	89
PID 4528 wrote to memory of 412	4528	svchost‌.exe	89
PID 412 wrote to memory of 868	412	msedge.exe	90
PID 412 wrote to memory of 868	412	msedge.exe	90
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 2320	412	msedge.exe	91
PID 412 wrote to memory of 3980	412	msedge.exe	92
PID 412 wrote to memory of 3980	412	msedge.exe	92
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93
PID 412 wrote to memory of 2276	412	msedge.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b303919a57b5635af5cd6bbf17642a7b.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\SYSTEM32\schtasks.exe
  schtasks /run /TN Update
  2⤵
  PID:4064

C:\Windows\System32\svchost‌.exe
C:\Windows\System32\svchost‌.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    3⤵
    PID:3460
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:1780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:3152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:1016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,13574124882721267646,3387428500983773630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\svchost‌.exe
C:\Windows\System32\svchost‌.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:4424

C:\Windows\System32\svchost‌.exe
C:\Windows\System32\svchost‌.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost‌.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc13a346f8,0x7ffc13a34708,0x7ffc13a34718
    3⤵
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
68KB

MD5
0cccccd82d68d5ff076e1bd047436ec8

SHA1
0b9d6ebef9ac1c03f8138e9fc9203f9cd69d2a73

SHA256
0e9d24e58133fdae2fe766ece9358afdc57da1568485bf36182851b6c1291246

SHA512
84c357d75e1b7c25249ef826bf5ea9ef4445f2d4f985ae7128363421ac28f1cf438256cb40cdfd2fcf9ad439900dfc7796f9ab850e0445dbbfab5c23f29575eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
89KB

MD5
6c66566329b8f1f2a69392a74e726d4c

SHA1
7609ceb7d28c601a8d7279c8b5921742a64d28ce

SHA256
f512f4fb0d4855fc4aa78e26516e9ec1cfabc423a353cd01bc68ee6098dc56d6

SHA512
aca511bfaf9b464aff7b14998f06a7e997e22fcbe7728401a1e4bd7e4eceb8c938bbd820a16d471d0b5a0589d8807b426b97292fc2a28578a62e4681185556c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
98KB

MD5
c0fc67fbc5c5eceb437b516b4365aa86

SHA1
6b5a02dc604f8b87eb9d456969b12b45dda79baa

SHA256
0b8baebdd76118229f6b486ab07c66d05b104fcc8a80df53261769f80ea093ea

SHA512
e73b48bd36052a2f31aabf40b32ada01fb8c92345a20e22126bed271bcab08ba0a677fd9fd29cca23e98379b6c1e0601bdae9f90c38d9369ba32f292450886d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
522037f008e03c9448ae0aaaf09e93cb

SHA1
8a32997eab79246beed5a37db0c92fbfb006bef2

SHA256
983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

SHA512
643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
487KB

MD5
831a0aa25af2c60a7380ea75c321d930

SHA1
140ec306c24ab6f348c4dde5900b219d817e2026

SHA256
8cdde5daa52335c0a4e416f6fc22aa80744207a38fc276bd65341c2d2e903557

SHA512
0147937b2b2cf9bbf7e8dbee2d598e156c6ce4ddff224b3dc48caed96e89038ecdff1ace743b82fdf6155c40b674f4b1983693dbe45c39898487d3b7be258161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
17KB

MD5
240c4cc15d9fd65405bb642ab81be615

SHA1
5a66783fe5dd932082f40811ae0769526874bfd3

SHA256
030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

SHA512
267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
4d0bfea9ebda0657cee433600ed087b6

SHA1
f13c690b170d5ba6be45dedc576776ca79718d98

SHA256
67e7d8e61b9984289b6f3f476bbeb6ceb955bec823243263cf1ee57d7db7ae9a

SHA512
9136adec32f1d29a72a486b4604309aa8f9611663fa1e8d49079b67260b2b09cefdc3852cf5c08ca9f5d8ea718a16dbd8d8120ac3164b0d1519d8ef8a19e4ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
259KB

MD5
34504ed4414852e907ecc19528c2a9f0

SHA1
0694ca8841b146adcaf21c84dedc1b14e0a70646

SHA256
c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

SHA512
173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
62KB

MD5
8ccb0248b7f2abeead74c057232df42a

SHA1
c02bd92fea2df7ed12c8013b161670b39e1ec52f

SHA256
0a9fd0c7f32eabbb2834854c655b958ec72a321f3c1cf50035dd87816591cdcc

SHA512
6d6e3c858886c9d6186ad13b94dbc2d67918aa477fb7d70a7140223fab435cf109537c51ca7f4b2a0db00eead806bbe8c6b29b947b0be7044358d2823f5057ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26f1a435530e3442_0

Filesize
1KB

MD5
f72ee45ea9fb74d938267e7a17e7512a

SHA1
cfc708bd58cb852eca3536956528ae22bd8982a7

SHA256
091f580f8fd187c87c65822480f9fe002f4fdb71788751d5b30f8dc5c2edb367

SHA512
99825284f3331d57cf15f4478a1282224fd05b675b60c88577e05280c6f5ea3f3afbb13b90168b402ef41efeddf3b5a3932f04c6bb5ed0885a768b16b35dc7e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0

Filesize
272B

MD5
ab9197dbf631cee340672c1ed67a4f8c

SHA1
c16a69ad83ede9942995c37f5a30103b7ca722df

SHA256
9007d9d3637fdc5e26ff2cf00e95a84d45ab783d8bb759c2a9dbf2a355c6b9c6

SHA512
15959e0b2abf4ee8ea735559a3b892cdbdaf341b70e51523c9a941a399ea55ca877823ff31cb6a7eddada709261fa06053e3576e4902fe1339068913b8fa3727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0

Filesize
291B

MD5
60e7d424d4a2e0218b12ade0b8bc9197

SHA1
d212c9723910c46c7c34018e306f90929e5160a3

SHA256
3d701da65835af79cd7b021139d7922f5a30e6dc6b6d1be6a89880d3f5f24d4c

SHA512
f39b5998e22d8b91377501056b113c48bc6027d2c9c6e363642a7f147f4f0118827e089072fcd5eef740d4016b4d56fe21b80af626c183892ec6cd73ddf01d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aac9062a986a62d1_0

Filesize
1.3MB

MD5
d849c35cafcbb5536a935426637f6666

SHA1
eabc90544d92d07223f01b8457df2f4936eac37e

SHA256
58dde7df521b249f9ba1aa0c42ac10f2642f0dbd5287246744a7c6aac1cf4529

SHA512
a364e7f831cacd942e35ab59a84208f909e186ce1b64c7613ef1704b08ddf6f039c039d1bea73bb9e43b4f5e5c83ec8c939e264895b656618803a465bce35a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b689dede38af66e1_0

Filesize
295KB

MD5
22f8f660ad82e99eebacf07b9b02d717

SHA1
0b41b3a9f20ba37d8d9a0964029073c0d6d9f5a5

SHA256
d99cb9cc6ff8d04e1ba28f0e42cc44a11f0023182c625d80c4959b351d761e43

SHA512
f65e742a1e9d977dd480da8cf0582629a4d4d6fc5c21b8e1230dd6a953b17490e7306d4e95fc901ae798c110534bb19d3e6fb5fc76dedac7ed03dc59f083fd73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd85891776e64a05_0

Filesize
188KB

MD5
b9521f301bc7e636b05113e902074139

SHA1
dde37b86b2a553bc85cd33520a887f32308c3ad2

SHA256
003b3664f40f84ed2eca0807c378b5179a11c63a073f74b67788a5c0e770f765

SHA512
f6435914525fd74db2a74cbbf45dad37a3dead8172dacc0f50d34af291fccbd97cc242df025db212b64ab585fdf1881445f627796d37543411e6710303976464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e91da4b52bb26ef3_0

Filesize
297B

MD5
f8757a73b374daaeebcc916bff0f76b1

SHA1
13714da418d9a884f9f510b64dacc0706cfd84d7

SHA256
d8869896fad8a9fe6454003bda589a842c6056d26be25111d628d14123ee863c

SHA512
0f56f6e90b9a862f858dc45577a7f5ed1567efeeb0480617bbf3df8c3166ecfd10392dd984b0166a82cfc50cd8f2a5fce7109747be89cf5bef2bc851f6d9e25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebfdf870cbeeee85_0

Filesize
1.2MB

MD5
9e568a0ed4b3c0c82aa4de6819a7064c

SHA1
b4cf6cee0a82507c6d9acba32eb6fc5f7f74a6b1

SHA256
52d5731c8a8f47553cf338238800e001954a67d24de00f63e95e4c5a31d6f1a7

SHA512
e81ffeebd640540ad198b5f60775089c44c68535d2ba31f758cf14dd00db3b9d3db7db9a950171a2372f989d0201fa49efcc80bca573a7994d43a9c242c7c775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0

Filesize
269B

MD5
aeb29e8eb43a89b05f8ea228bb142bcc

SHA1
44b27d48487405af7f20ec10cf9b08ef1f4bf338

SHA256
fcf5a516d6339a05cf271fcae3903eeffdabdb0742664ed492e4873605b7f679

SHA512
3c8d06fc193d1a804f3838ba164f89dc52367e57cbaf760875bbe99914c9cd082e0f7e793fce882509a3047ee772e7b4103969b395d4b8ff22182c8b0b067bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b067555ffcccfae5c68d46896b3ced0a

SHA1
612d2bae32eb821a59b63f7767ae558b31ed30dc

SHA256
7e1a7d2e4a383d8f1c0159febe7b394e94a3fac907e32a2a143e5150f8f8b5c5

SHA512
3cd54eb6cd3a4e12e4eae9cf2e8b1e6061347a66f3be419c5e6afc0772a3f1a61315becfa914b0a79de1abe19fe0ec78c48519f13570247adf52c2bd5920ec28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
aaf77ec87260bac6b3e4fd8ad3d13ce3

SHA1
de99dd169ce496f7be6ba6abb9d11c92cda05399

SHA256
63c66474860be4448704ca9f71015a5b897e849395cbf95156f266bfe5863adc

SHA512
8df302155e3a18958b26fed5b9f1014004d26e4fee3d00817856224a9d8f9a52afeddba379bb46f18a620406ca9b32e738070a26423beca8364fca11b10e8f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fe0d15d2b19463ab94950954eaca8f9

SHA1
553aa6869122f58cd6959775b9ebe1bcd2789ba5

SHA256
42514d917972771be6237a142c19871ff16c5943af6162214c30b6b2be407c2a

SHA512
2dbff3a97ca2c3e36c8df07a4bd0a58d78338207364a1995731a7420f5e94117525e468297103ddaafc61d7a4378bea49bd42a9ac3d9df6ed491bfbf22036ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da056d7e437245bdb0a01e8645bf6160

SHA1
63345a79217b936cbd69f9762234ee211c22dba3

SHA256
327e2cee37920021116f91956c05324b0393f94592264dbc73cd8c04c13a0131

SHA512
d071a82add4aae2473176d0871005a0ec1ea7d239314a39797a3d0a38375aa426c2fee186e172bbebfea161c8017f9d178ae982a9a40594902cc7a18f2d53589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7c385b8fec3ce1a63b15ad561f0ece9

SHA1
5e319264f6313f3e3670cc18a9766db5908e1b60

SHA256
1fa6a527a57e36b90b3cc0be5ee0b0d33ed769318db8006cfa350015a7ea2788

SHA512
c7d3f9d6cd9aa1eca0bc94ad07f8e6bbd13e05d59726f0b36201eb5a27361bd665e0a05b9a30be71e269605f8cf259212d34f7a95f996040534f6dd84cf6f138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf2db9cf4af0e669d51be74e80bd49b4

SHA1
f1b1d6545845088363ce904024be81e46a65b63b

SHA256
dc1fdd0ce03a6b52bf5dbfe9f2c82eec2e4cb60f6ec77a6137d6abf35699c200

SHA512
974294e2c350e9d85a25e63609110803a0ba1e3689c75977860e67064b41cb2cee958cdae88c3e097af8ed1e254030c17463f17debda0c12f07a92268d09d669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
7c06213cbd535b7bc2d0d5410cd6b759

SHA1
7ceb3644391666f01d2dc2bcfdd53166ec30ce26

SHA256
a95a24d9d97a35fe9a2e4e723e7b1acb1e3755f19d857e41e2dc926fbdf82485

SHA512
4b5790358b94b1be1dfba3d7a51948c64f2007afde78fee201b0b68813f07ed01e86e97ec3b8b54305abadc621ecc202b2d00b1431e0bb17386f1524d2b61c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
303d1acf92e35d3d79a740e92cca1159

SHA1
70d6272633a9b2bf95c674cf14bdfd4d52d739a3

SHA256
4ace26e699e2075916bb6bceb034b941c6a9dfd0f70ef103add16ae53bc5fd8b

SHA512
41e71d0cd0243ceaca1f03a80fd94fbd516cf3584181ddea90f72b2abf3b0b20f123ed9dc8e3dd8c26fe3d5d75c29b250c752650db4ad4230991ac5d1c62e812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e039.TMP

Filesize
371B

MD5
d5ae2283427923de31919c69c8a9af38

SHA1
d2f8795054e048926e883ad4e3bc719f513eaccb

SHA256
2607584f400faa2fb5bb6dab92a92a3387ee49aad3729e30c40749781f9f9ac6

SHA512
33e589e57438c6c42b97acdbcd870a4e7d1838188527cc3605c1a9b251f59a3f16b314fa06d53ffabf52023665a5ae88fe5431e1e4b2e5f07cfa8040c56f5d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
076c1c7428b2df7518c4117e63c07b47

SHA1
fbb07aabde4e1a1b978c03664cece5cc27526fcc

SHA256
145dff6160b126acb4c05f46a1a190d23692ccb6105c160f5bf2400ff94162aa

SHA512
89e403bf19ac4c0d90774fecc5e43a354b988537ff389964b8a5ccf67f93affce3d2266e28889ef8a13650ca02da14fed86ef0a7e63c5e0e1e69b11f132d71d4

Download Submit
C:\Windows\System32\svchost‌.exe

Filesize
660KB

MD5
3ae4a965680a6b9572c238cb51cd0f33

SHA1
850b303af5b5818c8c34cd88ce67acc6f093c248

SHA256
51f1e33f84709ac4ff359e47fc0c98395cdb12bd70feb8af78e40f494ef9803e

SHA512
328cafddc052b566033bba0e5714c0dbc53e7c442500969a1a556e9fb90d97fb9efccf233ac4632d148b2d6350c54a0e5a8c6d4be5b19b1dcba04b0a61e17bb5

Download Submit
memory/4060-1-0x0000000000030000-0x0000000000108000-memory.dmp

Filesize
864KB

Download
memory/4060-0-0x00007FFC04313000-0x00007FFC04315000-memory.dmp

Filesize
8KB

Download