2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
Size

896KB
MD5

2bff08ec892c53c4ce6e36709b7fd2cf
SHA1

fc0bc34fdc8e748db731b7890302355a89ffe796
SHA256

2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69
SHA512

c288e4522640f71d0a2c950c07bea439e08737d45118c87ff508a3be4fe8ddcb9840c852d7ed8873a30065aa733e701e3c3e1b0c45ef06ebb80379a42754fe82
SSDEEP

12288:bqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaITU:bqDEvCTbMWu7rQYlBQcBiT6rprG8aQU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
3356	msedge.exe
3356	msedge.exe
796	identity_helper.exe
796	identity_helper.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
3356	msedge.exe
3356	msedge.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
3356	msedge.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3356	540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe	84
PID 540 wrote to memory of 3356	540	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe	84
PID 3356 wrote to memory of 2944	3356	msedge.exe	85
PID 3356 wrote to memory of 2944	3356	msedge.exe	85
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 3380	3356	msedge.exe	86
PID 3356 wrote to memory of 2300	3356	msedge.exe	87
PID 3356 wrote to memory of 2300	3356	msedge.exe	87
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88
PID 3356 wrote to memory of 3536	3356	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
"C:\Users\Admin\AppData\Local\Temp\2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
    3⤵
    PID:2944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:3380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 /prefetch:8
    3⤵
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
    3⤵
    PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:3804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
    3⤵
    PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
    3⤵
    PID:1800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
    3⤵
    PID:1868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
    3⤵
    PID:2988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    3⤵
    PID:2504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
    3⤵
    PID:1324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:2596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
    3⤵
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
    3⤵
    PID:2608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:1188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
    3⤵
    PID:5136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
    3⤵
    PID:5720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
    3⤵
    PID:5728
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:8
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7580 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,8837784943160261204,5037044058638575554,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2380 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\7f3796a0-4aa3-43f3-ae81-7aa0e68dfc6b.tmp

Filesize
9KB

MD5
d1e0ddfee58dd6da3c3c773e4f1c0ab9

SHA1
e1ed2f3b5f570f35271adc6c4ca5de0520ca62b1

SHA256
0f2e0d0b636906e0a29ab6af399b6c07fbdc62d616bbc8bbf2bdf49e60aadd3b

SHA512
6324790a47bf906af1a87a993d1087e1ef32979eb2807a4aa39a478221844fe993df4d4ee432c8a35fdb3b2777147e85fa929ad7a50977a939f818fd728f6a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
2b050a514c1ff6bc4e6be614ec22ef84

SHA1
ea7137589785ef2382c8c2576647ba5d506b31ca

SHA256
cf4529c0de303d193641bf7970c05067f646e44ccc09f46f88cce4a33a9b789e

SHA512
dbe79d089d1669d3e9aefa3a0e92d216201e9514465fff77d7c5fa9e5d5cf281b3c0f4ef739ecbe5e817faf724634ab72fb8d402867c9b4c06564910d90ccb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
db76c39edf200c20af2ca0322acc7f7d

SHA1
203fecbfbabc2c32fa66c5efe2011d6b5be5788a

SHA256
26c7d90499be897acd8f2b16bdf0da151ec514a48967f1a99eef2a550f32cc18

SHA512
50261522ca3b6619c9c8a5a955d8befd26ce00f09f1aae7072d5ab8cd9086c8115c1c0eeab76cb48bbd56a967e3370a00f2321b3f99763b95aac28af816af6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
b84179f7723638368b5d66b98883a7a3

SHA1
eeed578e197739dadd2665ab209539f7a70767dc

SHA256
62ded2c3c85c538b2e61c3ea48c35afdfc1c641add79914188a697e1dc0982fb

SHA512
8a8d9ecb1214e054cba5cc1ed97c875cd2f173cc8562ffd9fb010466d58b2ac32241727df72ed8a2802aaa7dc3a0da0dd57f3e981a4ceff95c197777309a3eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\60ff8868-da41-4d01-bbb6-36d8002f61db.tmp

Filesize
4KB

MD5
dce597d5730f70b165f3ba05ed7cb55d

SHA1
44f9d94739e39643eb0f51100a37181dae73d2c1

SHA256
68dd1a0dc86a78a17891ad0142940d6e9eb90777e87cf7594ec5c60adaa43e47

SHA512
46fac32fc9bee88fa1a6df16847494eea23f78f17c9cf63edec7bb1a4352eb33042a16ca08af1386dde384828512596878f7022eff77c7917ed1724e251c2e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
5f5af380400023ac2b7601efebbf9f80

SHA1
a4b8578b66447090963882a84c9e44dc726938c5

SHA256
74fd44432942fc21094ce6de27b16db9821f408c224edcf7b1db7c142d572f77

SHA512
dd1e79afaa8251d9bb80253fc1cf7f88a62589873a2e8872e8f6d0cb09a27877c035393ac5fece631f27edde5d96da983f0abe26226790856ce5f93198ee78b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
d98068638e95b41b06a7f8993bfb01ce

SHA1
e7e04ac912fe5def76c8487917e990949b270c89

SHA256
b05ed886fbdb2c11a25b00a67b993ecba22b0ba5239a9e4c6d152a62ee57970c

SHA512
7819ade15fd48ece24552324bf9afa0198254e354b0c6e2bb671abf4a699094a16545901b782e24f25ec91b48a2b824a2b6e8ad8895bb8c729ad758456462542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
ad5278a0e3dc48cf9df0ba286aa1e723

SHA1
ce6bad4bdbe7d0b5e9e7bf36ad27570927caab4c

SHA256
972356bc06c294f077a484cdb0500059ba9aff99dd1d1ae2e97ef2c32a95b517

SHA512
037956a1fac107f2387f12af1fc1bd29352034c9f9f67dd035245e325ae1f478e828fc117ca8bec01cbe70d7ded81f314dd6a7beee8f45877767ecb7d37dcc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
dbbaf9fade70bd3fe2fb3f0c67a85c32

SHA1
958d0f07a7d72eb69bda7e0a9af4f96c5e40fa79

SHA256
b462067859d2ee54373efa783971e70e343f612c5341ec1b45d2e7dd6e6b3a9f

SHA512
8b6f4e60a405e8e4f28cc19238af81ff117565d67f7f58561153d5b2b4d26777adf01d033ec8dd7471b6443805914dc6ded264c37fd7f11e973552489c7b3ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57b8ff.TMP

Filesize
24KB

MD5
27d5426210a3ec8c6e89b7dc2fff2af6

SHA1
5889e2fc3a8c04cf67c0f4d788e189d85109f158

SHA256
7db5624de39f4e930f1e61e3ec27bac3efaabdb8661855ed746797e8ca409180

SHA512
8b43e3b04c4482028a44d870fef396bcc048db6d0b17ce93f993fddd1fd82880776768c162782f0c8c9277381ffb4eac31c97e49f9f71e4f2ef2ee12a7557a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T40WTZ8XQE9SH0ECTS1S.temp

Filesize
3KB

MD5
9648ac2c3b93a96f835b2d661515a2b7

SHA1
cf2bbc817e9e741d234e0ce7c2246c4326c3581f

SHA256
eef9e133bfed0266d5db9e45aa2c0d8529a7d0365bac891d404cb22ce6cc585d

SHA512
3138a8c9e1f4b54d32f3a3879a285c58201e15d8b76b6d57edce0445820fa398df0432af4c1c544f9328b3afb8ef64895181fa882d1ea15af2c1059e1b27f30e

Download Submit