4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
Size

896KB
MD5

e63943693d426b7360277c344d887756
SHA1

1b03678737f998870808b386369e8f5bdee92d38
SHA256

4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf
SHA512

74c7ee53823b816ade7442c9a7d903f72d8fd2a182ae1ef60094c8498990e2ce7c7c0386861046f60501b7937f3e8fe9baafc41010e452617180942d250a3422
SSDEEP

12288:EqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTO:EqDEvCTbMWu7rQYlBQcBiT6rprG8asO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
3612	msedge.exe
3612	msedge.exe
5696	identity_helper.exe
5696	identity_helper.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
3612	msedge.exe
3612	msedge.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
3612	msedge.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 3612	4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe	84
PID 4376 wrote to memory of 3612	4376	4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe	84
PID 3612 wrote to memory of 4456	3612	msedge.exe	85
PID 3612 wrote to memory of 4456	3612	msedge.exe	85
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2352	3612	msedge.exe	87
PID 3612 wrote to memory of 2704	3612	msedge.exe	88
PID 3612 wrote to memory of 2704	3612	msedge.exe	88
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89
PID 3612 wrote to memory of 436	3612	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe
"C:\Users\Admin\AppData\Local\Temp\4e5230b94479545a03d6f366539b3b2f9cf2243929858e5cb1603ebc1901ffbf.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9566846f8,0x7ff956684708,0x7ff956684718
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:2232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
    3⤵
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
    3⤵
    PID:1980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:1128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
    3⤵
    PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
    3⤵
    PID:1108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:2684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
    3⤵
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
    3⤵
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
    3⤵
    PID:888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
    3⤵
    PID:5232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
    3⤵
    PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
    3⤵
    PID:5832
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
    3⤵
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,10196994209128143459,9556583148306842305,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\88e355d7-a1c3-4310-81de-abdb6b1b9e52.tmp

Filesize
9KB

MD5
fc282a014aea87a971e8635cb99dab6c

SHA1
05b817cf3b49983861174929862404bcd2a91dbb

SHA256
e39e89d583704ab196f28f0938cd3a28196d2d8eb46f6d0854e2348aa69277ab

SHA512
1d54022320ba7208888e9baee513958ef58f2f3e2777e78b1beec18a2197402ee151e821fea828a506be033cb827efbaf0828fc91879e1de2284e6fed556c1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
29d94f72e7175f44a82396360d500fef

SHA1
81c2c1c03735e2ca84aa378b8602781246bc3a4a

SHA256
f29d1a95c54db0ef9f575fa422583ff0b99e63cf5bc13528f10741295b7233a0

SHA512
b6138b89ff2e19381954c127306246807f9b66b146affb7d39a8d6ecea9fa6aab314d407339be56d93ef712d7b6fa71e07871e52010e0300701c50205be6c152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
e7f8e848957f1e7eaba6e48809c11a86

SHA1
3080455fa080fd2836c618c4749f598441c1cf44

SHA256
64c83027c8fd18630feb8cae671fb18f028304e3b729aed2d484608293f3ebde

SHA512
8c94a518c85bc2454b22fc55bb96f6dfd6b3252a750e85dfff28697704909d7a325df5805a31166a6b8f11a3d6dc05b65e34b39a3bb616606d801cc6ac31d4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
97c9335878240bf60371d56dbf54be90

SHA1
dfb498bb3d6900144eb93d5f1d4aae0322abae60

SHA256
3c6f6c034d4889de889da5d2c61e3eb2cb7b185054afca28d430c3703f0e3e43

SHA512
34c1667f63197fb0d718ef8892ecaeba22a52b8369840ddbf1e0defdbaf73779d110b0bc6be34587c3254a56d5f418b3948ec12ebc7f63877de2f631facaee7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
2f52d168482f211d10a0a5f5f33d9d66

SHA1
ab9f0ab2da995fc2558f4d764579642287386d84

SHA256
2ef35dfd3d2cc0aabf0799e0eceb788fe870c62f7b3cd87ac6385b6880821085

SHA512
9276b4afc978251aebab1657a15aaef92f4ee4f47e0c290a6e69730e0fc39a423c52a31006c93f6e3233661a2bf4e5196bcf79c8b8b43ca019dbf18b235e590f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
ea25d3b4f597fcf489b37e685b83209f

SHA1
1199e786b1f435781524234c3cada1650f75ef4f

SHA256
f06d7ce2a8e5dbf223c393fd42d0a71f79a306c3d4de1016dd65dbfe4d15a91e

SHA512
c5eff22b6b4fd5434330bec62dc4a76df29f7834ba5fa508ad1450d43cd2884357b78518f7ea5752e7465af9644f9958ba515a4e182f05aebb852c41bef8c747

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
c305e7d9544d092c511d114cb085cba0

SHA1
19ab2921deab583135f9cf201e57fcb593cd7b04

SHA256
9cbeb506494ed9d0d34dcc28cfbc37215cc08bd40a70b3589850b7c7145a4e79

SHA512
433a44b609fe7bf30edc56f37f8beed0bb4cd9b470d1cb1ea7f72af2b21eb100ce8da8b4eeb6d49b5fdf0826240631eeea4dc8f6b3653d4b06f7b4a371e35f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
d349924b4e28aea289351944682b639f

SHA1
a276031b0ca55cb33cdac2d54dddba2e71c1994b

SHA256
6a44820691ecba559cb4b6dd79b690fc6cae4c72d83bb6f0b2102bf53bbe295e

SHA512
0826c14246f150338a41e181bb5a4ac1d29db0fa2be192bf6bf49ca2347aebe664b8969e31d5042e7e00d4a125abf6eb1d0954bc4eaa667bfe3a0134a917541f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57951c.TMP

Filesize
4KB

MD5
7dd3201fee832d0ef51446a6260d1df1

SHA1
ce980c0cbe05116dffd6fd019c5b7a1a63eed2be

SHA256
c808105959951a40926a5b11a8e501736a71316b7952a2d07541130a0124f82f

SHA512
5aa5c3d075886aacd915f08410ccc55ff4778942d97b915e3f6af7e64c05ab3650a440f3f782625e655af4dcdcc2fcdb4c9689433d3ebaedc315e20856c50c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
cf9de03000ce310b1ab7cab76dee1cad

SHA1
cdcfd8490663d4a1e6555c8ca7eb86c0b75dc741

SHA256
49bb0dfe1737c78866e8b74930f82f235d2fd1b5faee443ed45e9228076e6f1a

SHA512
a5b0fc0abecd95516689d590eff8d71191e315ac0d18fec52e213fec4ee4b6747ddf456d7a96f44a430ee516814d713f1381af8a3dcc0fa54ccaef8d329d62fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57be8d.TMP

Filesize
24KB

MD5
ae1b20762f79f8ed67dfe47c3a8862a9

SHA1
6824e8d895b35a0ca4ec5101dc72f1157ade026d

SHA256
6d757ddd304f42f146a3a2ef06343f3bef45413e50a1a7fe023f291182547702

SHA512
d1a042f7a9f17f50c730f2d58c9b353b92c4e0950e57748133794ca92fcd812bad3874a66d174f83300f20e3b04e4175549bccbea6bc113fe2f7a2eca8c60f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R7BVH59ANINT59NAGUMW.temp

Filesize
3KB

MD5
01478d01842597e6f10cf29286acf3a0

SHA1
ebcd80003a55371c3e338f4825998e6dda6e51b8

SHA256
892c19a4601a39f726ad3c568d33548625588f01550855beb045d4c5b4a02c5c

SHA512
3ebe314fdeebbf6e0517d969e0b12adce01564446e8dc76abf593b0dc2467833153e931f96567ee6e08b1235a75022292dc23cabb06b8c2443a4ae741f6c9f0a

Download Submit