2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29/08/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
Size

896KB
MD5

2bff08ec892c53c4ce6e36709b7fd2cf
SHA1

fc0bc34fdc8e748db731b7890302355a89ffe796
SHA256

2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69
SHA512

c288e4522640f71d0a2c950c07bea439e08737d45118c87ff508a3be4fe8ddcb9840c852d7ed8873a30065aa733e701e3c3e1b0c45ef06ebb80379a42754fe82
SSDEEP

12288:bqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaITU:bqDEvCTbMWu7rQYlBQcBiT6rprG8aQU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2632	msedge.exe
2632	msedge.exe
696	msedge.exe
696	msedge.exe
1012	msedge.exe
1012	msedge.exe
2156	identity_helper.exe
2156	identity_helper.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe
696	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
696	msedge.exe
696	msedge.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
696	msedge.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 252 wrote to memory of 696	252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe	78
PID 252 wrote to memory of 696	252	2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe	78
PID 696 wrote to memory of 4420	696	msedge.exe	79
PID 696 wrote to memory of 4420	696	msedge.exe	79
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2268	696	msedge.exe	80
PID 696 wrote to memory of 2632	696	msedge.exe	81
PID 696 wrote to memory of 2632	696	msedge.exe	81
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82
PID 696 wrote to memory of 2888	696	msedge.exe	82

C:\Users\Admin\AppData\Local\Temp\2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe
"C:\Users\Admin\AppData\Local\Temp\2ba3965a1c209f919833cd702fe78856ed0af480adbe8ba45e0073a9fcb04a69.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b9b23cb8,0x7ff8b9b23cc8,0x7ff8b9b23cd8
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:2268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
    3⤵
    PID:924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
    3⤵
    PID:3240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1012
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7592 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7745518119360006266,16279422377903263225,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4556 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
9c3b086b70f2db42e1094fdb1c87a218

SHA1
5f753bd71bbad14d62ff698a423389d975e9c4e5

SHA256
6f4eea9f46b6c04232af27f4aef3c464182029b77cfe38050a1fda62cb6d65b3

SHA512
fad94410c8a9fd84974b4ccceed5e500d9a913d73c604b2707059bcb15a33bf0052c7473973c42d9aa173c19e8202886025ec03f421ff6523dcb9d108257bd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
90b1e02c643bbf07fa200f7a97465896

SHA1
bdd8f4e16d3527721d8d020295a9cd34b66fc438

SHA256
f09ef34e28b5704f4ab73f316470b59b059527d56d947d4c8ab648ba3ef194c3

SHA512
88f145dd7940b08757552ed40f26f27ab2443526dbab79477ee7c1604f316093343d699d0eee41e5a1d04fa48121bfa50b48de9dfadbbefc72bd46df088e2fd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
e7b8d12416d6e8a18ad55b65eb3a0980

SHA1
3c7ae68713b857958cf206a8f321693e532723a3

SHA256
426702210c63b392faea6555b46dbd18778a13da0abfc63094165ebc13a3c7c6

SHA512
f1abd76c93d62a413e8015ac007ef06cb44dc4d79e711e33688e8620de7bd67cf08552ce2c59ddfbec610fbc7e4e042c13f3bb24417e28499dd9b69fee0e55cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
0ffa47a09ac8841f087c46c12e7781c7

SHA1
2e5149cb087eeb79474a5f9406abe3db6d77a846

SHA256
9fe460f45b9315bbaf6677437716970936f62950693c8875b7e60ae21bc1a4f9

SHA512
1941beca071f33abfe13430e8cd9a9ffae11285407d376b07220332475925cfcaf8fd79e07ac867a1ca3e306256231a7ac10cd761979ad2a6cf926a587092e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index~RFe57c7f3.TMP

Filesize
48B

MD5
e0ce011bdf02a603b5bae935cb593594

SHA1
f3cd271bac5630e11cb02b9c56edf881931e9196

SHA256
ae13316aef24511fd6810758983a5aafdbd351ed0477569bb6f6d517f76af521

SHA512
1032bae4436b35b4c2ea6e9f34bca66b38f1aa80ba8753ad2a3e86ceb2b73e12ee4795ef21f68bc86f4914ff607fca6c7a281e98143a4ac3b3345ce45da3b7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
69b347d8819bab4a557c83247f84dc75

SHA1
83b5aa4c607eb45dffa64674f8f6ba17e21f588d

SHA256
e98a2c9e6d652c0abc75c441d9e5693b9fb7ec7ea3890c58cac0b5eb6ff3a4e0

SHA512
e5294c646aa8a56c39b1c2fa457458f53dff11295c959aab25e132b8bf8138e987f20bf2dae2fb32ce11a836a83e3e45bb149a9a5ce1363f07de5ecea561bd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
7b34194c3dcd33a5a1d34abae3bb1c1b

SHA1
7a05b589464344dc38c03e3b11c02e200891e731

SHA256
dd1460ec12d6c4ea6ab6204a5ba600ce690e354accda33ab4b9e1100ae0af47a

SHA512
c63de8364b5680c429e66dc572575a817d58eb6b745fb5ba006366e5aee9b5f0d175e5c498439dbd8fca807d60bbd718f31d093185964c57043de1417de701d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
c2f0db9aa807a37d83acb9eff97d6c8d

SHA1
072b6c6da32040864f64d5536d6fe2fd840fee5e

SHA256
3f87cc5ced6a84cf6b256abf4ca01c3dac91b25470a685d30cd0bb4ddbe3ceba

SHA512
054c8db17b0e3496f58b3a35c42a33023e8d6450683821c5d859316ee0cd430abc437173ae630daa318746a322cc59455a05d2ffc9e0d1f04e1e4203bbfb1bfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
23fc2378bf3885379bd7bb83670c1179

SHA1
ccf01a73715951dbdbbcedf9be06f3a1e48496ab

SHA256
2418da56655dc0a8677b6a454b300d39daed2d86de7839c6603372803f4963de

SHA512
fe57e9435efa3f4620bc85ae1cc4a6e2dd8fc1155e1a648649a1b823c09fdb6ecf659768e2d5d767939e7219ba455c2ccd07d393095239d9e58844a408bf061e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
ceccfaf491f446ba413d0fa23dffbbc9

SHA1
3427d6f7537756e0023ff915901d412e404204c7

SHA256
31eec7ed8d79b334cf80ed391a235e7afe273733e032a5cfe901d08f87295a35

SHA512
7f1132e90c1dd90ee9d066aeb523634c074423119e8d2bebf84499914cf0babbc667322c2c9002cc5fb96b735666513e0059b890a3fd67657bc2c0a8f9956f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
ab586a039555b63b072db1384df127f2

SHA1
95ec23189dad26ede1eb8dfb90ef9f52337eab73

SHA256
7a0f9a1a7632a9b2ff3bc32de0736f58e3e0b3a8cd2a5a926424601508cdb893

SHA512
896b32128a8d8174e4acfcf8ac8d90e3ff9da65b0271abe50d3d8271759c4b29c27aa3fbd6eabc6a71efa0c6eb32591aa6910fc5a1d6eb4d95848b86854920fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe5771c5.TMP

Filesize
3KB

MD5
63c375c528302d7a3a1877754c2de87a

SHA1
dfb4120a23187d62872b26763923198ec910b624

SHA256
ee2e8a1be4072c1cfb102852d9a0a77e4afeb1ec2ee91a6be86cc15084f5ad0a

SHA512
f899093ce250fed60e8c15d5b71014c7be0b517328ece129a892fea8856185c88f8494de2eaed2724fb476183be11ea9d3c99fd41f215f36264bd6918e008fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
83e6bcfe82c02fa76c582e44294d7f23

SHA1
b738a9bf4b9e79b1c744436aedd46c9732e6a355

SHA256
eba83c4126fc585d7b7686971149d4637693437c10b681c9398e8366c1abbf6e

SHA512
065f069745980b17598a2edde84902bb681b56ac67fa0178863f3a582413bc73d24fe1f3d5f644f8f206294c1d15643ad2117e549b700597a8690b1d6237604f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe5798f4.TMP

Filesize
25KB

MD5
045cddd354879488f51068d06d926fbf

SHA1
295c9361fadd99468cc09cf2b1f803d72f0d8ed4

SHA256
e649146ee9e06bf0fbfc2c30f8c85ea3255548070b85b47a34c9f61b99606205

SHA512
3ad2286ae5b5abcd12eab12e1f21fad20a2be4bf1bf6f020a31bb05b493b72f95b62c9ef8b6a34fca2a88390e8b3c00607447defa707cb90122670ff7c8e8746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
6b865bfc7d976206cd8d6cedf30cf80f

SHA1
a0e3b1343667b1395b893f11fbf8fe8b43c7c9b9

SHA256
a270707a246d2bc24d710e027f2e92045428ebcd91cc968f6c37e3878bc63925

SHA512
1339f88c7606a68fdcd2fde27bd004dbf96d51e824ddcc34a29c50f24e8098da2fb08080e29f0cc89d2a6ff1289ab5267d987deb7fde31e8ee62b52480cb810e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe589601.TMP

Filesize
203B

MD5
3c1414b1f1e725e74ceafb1fb8303f35

SHA1
6c51f602b5490cf9ace71d18d63da50ca455a06c

SHA256
fe7bf495733798414f06767a15b1573dc8abf81fcce3bd10e5856df20593dda2

SHA512
9fc15dc9d35f5242c765cb371887792e08cd4f47fb72972ed536c7d27fcdab997f6264a7f0f836e2e9283faee421d151a57b9537bd633423d7f14e84ab6ef348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\f4e7902a-79ac-4300-8d62-55b1cf30d183.tmp

Filesize
9KB

MD5
5168680882f92036c053a0c484236b46

SHA1
6a016d85e2b33ac4f6b9114918e257319d13aca5

SHA256
ef62729067df34b2abf698d2f5b917b86aff3b6be62b839bfa39719279bf580d

SHA512
01c801c0b96dad1956211de0172c84d745f8ef883369ce9135df3592be553a43a20148cd35617e63b2b8d5da36ee2deb5311186fe0619f65dc8e48cce572cbb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
22d53034089974fd2513846298f252b2

SHA1
a5ba9bec4d38d86296321d9682279e0bf8df47be

SHA256
11cb93e48ec7db5f8e68d4f5fbffa2ce3e94c95e2e6d990fcc27a21e1b1c539c

SHA512
e98ed6f58abde3d3857bade4fb0cfd542767046ba9cc52f8664eedac41fa95d16bd34fef05ffe6c465eb3173428ff1224c18b167887e1088f5d17cbf477792e9

Download Submit