53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 13:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
Size

896KB
MD5

ab347bcdf487791492fafe865eed030d
SHA1

367c691778cf2cb590581986c3fea87504455782
SHA256

53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2
SHA512

9dde5f9126df93fef41fa9174a2d0ba01facac1746697282422c73f32a5d1fad6f8769d647d69403802069a0fe901baa5eecd5c0847c3191e8f4d545035b87b5
SSDEEP

12288:pqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTt:pqDEvCTbMWu7rQYlBQcBiT6rprG8ast

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
3788	msedge.exe
3788	msedge.exe
2972	identity_helper.exe
2972	identity_helper.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe
3788	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
3788	msedge.exe
3788	msedge.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
3788	msedge.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3788	5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe	83
PID 5080 wrote to memory of 3788	5080	53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe	83
PID 3788 wrote to memory of 2392	3788	msedge.exe	84
PID 3788 wrote to memory of 2392	3788	msedge.exe	84
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 3636	3788	msedge.exe	87
PID 3788 wrote to memory of 4740	3788	msedge.exe	88
PID 3788 wrote to memory of 4740	3788	msedge.exe	88
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89
PID 3788 wrote to memory of 3000	3788	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe
"C:\Users\Admin\AppData\Local\Temp\53aeb2fd2ee3a30d29afce4d852e4b33e96b0c473240691d6d63796caa3016f2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1fcd46f8,0x7ffd1fcd4708,0x7ffd1fcd4718
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:5024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    3⤵
    PID:1148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    3⤵
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
    3⤵
    PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
    3⤵
    PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:5160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
    3⤵
    PID:5804
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8
    3⤵
    PID:5128
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7472 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,10771679359031859056,785315856388915010,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8372 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
f1eb6d6887da1d67981098965e36fc69

SHA1
794243460783d47e314f7216e1085eadd8053609

SHA256
db193fea04b6d85f368ea6c13ce3b83895b7eb3a0ce18fbd3a8054de93c1fc49

SHA512
427e6c64440ace6cf369ede8e07950aa01387a823744f495859eefe1d70c002fc314c7006c7e8fa8970f9d634809de22524d94ecbeb22c2e977d96aca3058dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
71fc180c3aa8f8cf9c5c0c6928e36a34

SHA1
c7427af208853f47c683e22d573bcc672e823ba3

SHA256
4faf71c4b7fbec1c65af7dda051d52378d677454ff99c4acc8c5969ed174a1b2

SHA512
5631fab0520467dc5f84b90c1b7ab189746270528d1c83f16eb73e261f81b9632e07ab3d2a7dc1f41272901785c806ebe8012d8e1f37af331bb5e2bcaef0f695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
ed591c61c7683d45d2a3589b39da60cf

SHA1
c338faa02ce16b6e32ecb0c19248a869cc24fb07

SHA256
e8370253593b04d498a8faaa53b13b840f212b0441ef4684fbd17a14ded98fdb

SHA512
5aff233f96b5d14a96ede9ed37cf2c0148e935ffb231d46152c5fa8ce3d3c802ddd920c1110ab9334b8ac1d7042c70db9a215e2baf4ba6c3a64aefb06d435c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
3e93c307dec68b416f269313603a8e3a

SHA1
6a0bdd8c9a7bd9d9e74afefe313cc00f32f3192c

SHA256
c6da87380a7f7022fdf83406d936e31e4b54b840903831cc420501729405a845

SHA512
7230cf7b6202887094049db61008b0e21f0f72fc12e8011dab7aef763b59521f557c2c74e8a02794f0e390cb549d5921d8495ed4c996b97ed6671cfad8b242e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
e865685b4f64fa27e8419fb755fd098d

SHA1
633098c507b748bc7cb3f6f22da76717474192fe

SHA256
2f409bd083a0a2f7e0273633b42302d1abfcc796a9b9b8072514700df369b002

SHA512
fa8871bc0cb5b9b22c21c00310cc376b7a5b43340cc6be2027d481c88ab9e219b57fc2b7229dbe2ad4db991ef3bb35821f09348d37e6c9a7a9f57dde6d15a116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
2e8ec1f4b87a72c2b0ebaf7882fdb5d7

SHA1
bdcf2b241f1aaccf1691694fdc7a7f34747ae58e

SHA256
f8e05755c07173b7eab5643232762fe35da653199f7188e3fb868ad69da0dfca

SHA512
57d4b86524a17d2da5679fa160bf2151278c27d67078b3e5de3299facfba8b064f9da7f58532fe0e6d119295b92ebd3699e1313802fe0ef99e596808225de248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
3d8e93dce88e4f871be02beeea676f67

SHA1
2238731416bb1e1ba66d7ead4cb3b76044af0947

SHA256
4c69ec7e297926883d8f4909b47d8f8e26ca93cddbba0e7555661f70514f818a

SHA512
7e735b8ef51b67f0e139b99a18b0c5ffbd71be1e501f9f3b79d62b54532d908510a21c7b968b2710da8ed686fca31bc448eff589d7e0a337762f24532ec229fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57b110.TMP

Filesize
24KB

MD5
fb2d8e7b028d000edff601a0e35cfe3a

SHA1
3161bf3747562e8b07ce0cf71e7983abe9889285

SHA256
bc01ff62d7fa511857e56dff9182c65c7d4ce3b3961b642931e9d7750f01bd23

SHA512
ca00ec7271406578adaa9e04ea69ae8a80d027e8d44699f2a15bcc2679c7d5b7f8e7abbafd887e2fa66d81288aff15e821f94fa3683d159d3b899eb717c4b5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\e96f8f2b-f793-423b-988f-b22078b76e8a.tmp

Filesize
4KB

MD5
693a7830436f20496c08e9c92580f654

SHA1
ef5bb40f94f1399efe6243853942c48db4d898fc

SHA256
567a20e05db05103c114a4db25eaa7f8673baefe04c828576291f4a73b63b0d1

SHA512
5ce4028c0f15a855b924c7dc481358585ca3f123c14902ecca5851394109e89c1cdf32e78ed03a00f4a840479853340a627b785e6ecc84324e776c34a26b429c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
9KB

MD5
6fc460a919ddc4aced4f211715f470f2

SHA1
bfd71cc078621dadb92087bb8622d8c0a6ef06fb

SHA256
a0aa7662b826de5e40741cd4e635d59b30ed9d99df3ad49df6043e39d2160fdc

SHA512
9d8848172a23e1dcbd76f7c20d087577d5351a9c4225d86cfed0f69d4f40a84e513c02cd8a76335865166db7950226b14ca4ccb9544189eef332b1478115eb0e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KXKL42TR0AFVDH360VJ4.temp

Filesize
3KB

MD5
a4d7970ad6e40c804d1a4f5780bf2828

SHA1
d05b5acd2f33d0f34baf9632646d978e5e11d8f6

SHA256
ea74b554b8279ccb17db2f551d0f6e1a14e1a6eda183b3a1d7e4585f915cd206

SHA512
d7da77b64ba0f2f69ee93ee615ee4ec6e97281929fdfd948873d50405d4eeb6c8ead1d2399c0429e17e1e09d5a43e192145facaee09349f542ac130674bcfe4e

Download Submit