12bb3621577e46d50208aa84f9c45dc9d2ae77e581ec23d1db2534a5d9cd6c71

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 01:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
Size

896KB
MD5

b6561154e0d9d0aa82b41feaacc09fc6
SHA1

b9bbc9cefde409c16aeb4d3d2f958ae87cbd0972
SHA256

245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb
SHA512

44f1629d39eb7d2ea4eb53b927ddff4345e135a640adb990fd991de3faa7b01a47434d023889c59e050292f3cd22070d078a236f66fb7719bd9ea360d71f945d
SSDEEP

12288:xqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTe:xqDEvCTbMWu7rQYlBQcBiT6rprG8ase

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
2300	msedge.exe
2300	msedge.exe
5220	identity_helper.exe
5220	identity_helper.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe
5860	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
2300	msedge.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
2300	msedge.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
2300	msedge.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 2300	3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe	84
PID 3220 wrote to memory of 2300	3220	245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe	84
PID 2300 wrote to memory of 560	2300	msedge.exe	85
PID 2300 wrote to memory of 560	2300	msedge.exe	85
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 1892	2300	msedge.exe	86
PID 2300 wrote to memory of 3348	2300	msedge.exe	87
PID 2300 wrote to memory of 3348	2300	msedge.exe	87
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88
PID 2300 wrote to memory of 3572	2300	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe
"C:\Users\Admin\AppData\Local\Temp\245a43088a2febf9d3b3b0e9f0825518f0df6ee5330627b73dbc5a3c8a371bbb.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9f9746f8,0x7fff9f974708,0x7fff9f974718
    3⤵
    PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
    3⤵
    PID:1772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
    3⤵
    PID:660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
    3⤵
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
    3⤵
    PID:2520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:4536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
    3⤵
    PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:2760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
    3⤵
    PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:2296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    3⤵
    PID:3412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
    3⤵
    PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
    3⤵
    PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,3627568205699066106,15495184312147045600,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6736 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\2db2ea39-0e29-4474-b598-7f354a69692d.tmp

Filesize
9KB

MD5
060b70aa1521d19a731eaa5604fc1c27

SHA1
271c2bce44f3c865ca1deefb00b4c3771135aae5

SHA256
4c6c34380f5961ebedb15d9e6bcaea45263e02cbab4f2acc737f292b7078c723

SHA512
1ed35ab4f11e527697126eb64687a9d1028dde759a1ab3d1da90c18b539da598cb62fd6900b0f61b74f3a34c502524e6c464fb7e7938edc1e1b8f99d153589fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
761a952ab7793292946e895a31ca68a4

SHA1
f8713b96ca56c1adc07b320ece2d75d340047b2c

SHA256
88592eed614d7e1c11aabf8be42aaec6d8a6615526a2404ffa05a9cd6c4e2c2a

SHA512
7fc9e19deec6996a7d47d94db76c7eb7246fcbbcae9c72ba48e30084dfe64a853325d7303ff1850ad71614d3dbe090ee9c06a79e9329a19574bbd82bc720aa48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
0a7c98770f0442e2f711557ad2cc4e2b

SHA1
8e1b609d6b37ae5442726da6eb7946b055fac8dd

SHA256
e9cb114792df1450e07b26651c7d3ef479672455537a0b0b10c4634817cb9c3f

SHA512
61572855873c8f954d887c9135184443148c9e9ce587e785a26a61cd0f929d38716123fd1a80207bf186c9368518efd447d700a76efa129fd8d48c23ded27b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
4b37b935d81892cac625f41c36c02dbe

SHA1
b44c3562c07845d99b26239cb8d2e2ef6089f916

SHA256
01d85e3a633ea11f227a3e8056ff6d2e250592a3477429c5369e7650ad509d98

SHA512
ec5ca1690b83959d8f1b0947dd9d6b79a7b841d6a093cc5a28f3abc84ef889588e786748712216fbe59cfb5737469f0cd6d044edd396f49d2e7b1486630529ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\662368da-b716-4521-952a-7567d437f765.tmp

Filesize
4KB

MD5
3db8f3b2400d03c5bd26d2bb966b990b

SHA1
0398d0ef8f85195427078ce9b50ebd06edb8d392

SHA256
c403177e8e23cfc84f91c984a7fab5565b1a672ab7a1388e78aaa9824d1d9717

SHA512
a28c9ab1cba7abe25e384e7096d312ee302aac16c000711ec48fac5ad2a051b3fababbada876cd74d696bd82b0cce3e419d77170abb2019b4e9eb361d3a267e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
635fc0459d8234cf4ebfda70ad5e53db

SHA1
f4d083d37680c15737206e65453d4330b1f1c840

SHA256
34dd07621d549a27f93fc724b2e0d1265ef5effe55da9757e314b57914290d73

SHA512
6c8e869a3018cf82b5352c11c7f62e6f67c28a029a1982963f9e2eb1707d5417b2db8875417e479df075b251efef83f73ab68929dc1fea972be601fc65322862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
50059bc456c7bc0fb8d7acd04f1de2c1

SHA1
73fa41d4db65d259c871539422ba51ec8f8d6e91

SHA256
515cd9f41146e9c0f19a84bf306408c79765f53075770421e6fe5b22a1365031

SHA512
f2931e440647f6d58541e6a7d144d56c39ae0590bcd7dc248f8c7a48714a6d8e9d16c788e37bb31c649fdcca146a2e88bdbacb7ead9dca3e37e8cec91503d196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
ee4f325326fba597393ea7a0cc4782e8

SHA1
5624686ea439c539875a9a7afbcb2f0ee00bd710

SHA256
af17d38f86035bd663b629655dc5da279364bc403056554901021efc1735ff4b

SHA512
78e0226eacd4cd936544780912b7fea36a435e78e9e2ded7d5f883772cd49800071d3a025d164041ee8be4d1482f97cff135f8d428fb7b5c8a8db2c3964d0fbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
4a6d1fa3f0e50025c33727058bb1931a

SHA1
31e23f3ed660176422649c9405fa04fb6d082430

SHA256
edb8e7e7e8dfc4b8c99f3026460f76ff63dcc7714217bf31daf615aed6beb409

SHA512
eef181ca62fa05a8f71537e7b3ff5c803547a5eac38653103f296a7667538b81f115ad42da9e964ec59f1f022ae9082ba35cdbc3ebdd0a9f70e5acd9507a040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57cf94.TMP

Filesize
24KB

MD5
01f68652de8e79001d0eda4b1990b211

SHA1
8d2fd2467654d36bdd76001e13435c59ade0aac5

SHA256
5e905287696b60139016b9621c1df47c720923c4775e23fd5a4807a6752df627

SHA512
cf87242c0828d98a4168f54b5add2102a4e8e4aa8a194f7c9a93f4c04679962a616f073f98eff6c4d02ec11510fcdcf082ed5d75bf640ad2043ce98d0b31fd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NPBDM88QAL2Y4RVI39DZ.temp

Filesize
3KB

MD5
bc103de466ef04fac4f3290c8dd9e00b

SHA1
fd23edfa4a36003db4a93813d4949e6cb0f35e9f

SHA256
20a5a3576b1f1bebabdd9c8e4fc42661c2c42e8cf778092ead5550044bc9abd4

SHA512
67b74e039aca6e29470132a3c063aa4331bd2c17845bdea65bbc5b94e06798077ec7603a8dd960f5c29bc8ef52185bd409f563b4e8e6be2abbe27df4ad9a6840

Download Submit