2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
Size

896KB
MD5

1e5e4b7721fca5453af156de5c0fb668
SHA1

b70ec58cd76edd64dd2ea77f88f087d8a932bcaf
SHA256

2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d
SHA512

9661055b6aeae721bb3e0ad2e026900fe6a12cc993aa150e85a3c0f4b9c64803a01666fde6301055f5c8ab36ded19777103e41107f9b4a5c4e0a201fd0e2ac85
SSDEEP

12288:bqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT1:bqDEvCTbMWu7rQYlBQcBiT6rprG8as1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4768	msedge.exe
4768	msedge.exe
2024	msedge.exe
2024	msedge.exe
5432	identity_helper.exe
5432	identity_helper.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe
212	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2024	msedge.exe
2024	msedge.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2024	msedge.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2024	1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe	84
PID 1600 wrote to memory of 2024	1600	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe	84
PID 2024 wrote to memory of 1444	2024	msedge.exe	85
PID 2024 wrote to memory of 1444	2024	msedge.exe	85
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 228	2024	msedge.exe	87
PID 2024 wrote to memory of 4768	2024	msedge.exe	88
PID 2024 wrote to memory of 4768	2024	msedge.exe	88
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89
PID 2024 wrote to memory of 2336	2024	msedge.exe	89

C:\Users\Admin\AppData\Local\Temp\2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
"C:\Users\Admin\AppData\Local\Temp\2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa0b4346f8,0x7ffa0b434708,0x7ffa0b434718
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
    3⤵
    PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
    3⤵
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
    3⤵
    PID:4288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
    3⤵
    PID:3296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
    3⤵
    PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
    3⤵
    PID:996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
    3⤵
    PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
    3⤵
    PID:696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
    3⤵
    PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
    3⤵
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
    3⤵
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5530556411199579056,8190654162048762055,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
4e4c34a247f7fef354d429ff686def26

SHA1
4704d39eb3e519c97c6cb9aab0053635e5366092

SHA256
4eb18fb488a46b715ddcc370bd0f62c28f96c111940997f11d034841fa91de61

SHA512
0246a80dcba26ecebbf3b7c3129b2dfe89b3eb2a7ddac59027d3e44c209a3412af43ad6cc79d171b6726d82c9a6d6975729e8af61d319616b6b29da3611e2a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
116dd4f70fdbcbea5097c92addfb349e

SHA1
037186765c2b1193d98803240abd57cf70a18bbb

SHA256
08053916e01cdb0b644ec3878b6244f5f9ef4c9f663152acb909b201a635c2a9

SHA512
f9da03959570c786c0fcca49a4e238c011c626661e2af804e323669e32e8a7c026015310aa85ad219fea63294d45149ad601b1bbd323f78523e14b3a63398d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
d6504a010f96be853d22cef9e2b53112

SHA1
080496734237ffdddcea1b197092f311691de259

SHA256
5ee60f335a95e6f8b672ec2ff994d59899238cbfc046668d920f00a77e97252b

SHA512
c7914cdd2cfae12dd198081613229516c1c9950b532ca389f037fda4e050a5bbd4f8ac9723bab4b33d5c60422e62ff58a29d6e79f2718ab0988fd41f9aaeca34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\62888789-5816-4aed-9bdc-a54f670e031d.tmp

Filesize
4KB

MD5
c34f015243e6a971ff47240fb6efc049

SHA1
a7d7eba0f3259be96bc363628700c558e80c3189

SHA256
bdd2b90700baf9217f011fb1f8ea0b818808213a125121c296715c99ad2143fa

SHA512
6005fd2cc4ecdffa19591d5afec750c7cf5d2164d238bf4af9965f6415a3ad4f41562d808a5ad92f6ecfae56d74edd9267eb9d2642ab5f3e048b4daefffdbb43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
22e8f70a27d9d4913f86015277616823

SHA1
721bf57da6884b8acb6cffdbcdb761e52b94d1f1

SHA256
49a75c9cec542d422c57a9e0ff13ba0bc65460e52b91bb161b3fa825fbbef7c2

SHA512
9c13c003695aa3c577feb0a57a5f04dea4e10001e0607e75811a171114dd6865686a4edc040b61708d0714edf3f99e4c2bf9a1a7e09e0ac2e505d4871ef02025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
29d59f0d68988d3810ddf80e346239ff

SHA1
171015b5ebd5e61a4af476cdd443ca983d9ec1f5

SHA256
ef6046503eb2fda9d36a6ad367428cc0beee1dfe1185c3d089745fd4bbfbfbaa

SHA512
1e99948345b341fa2c6a110d8d869e73e903ea501967bd2ca277282c5cb249c0f54acd603afc490acba33b69aa9523c32f540b44f94cdc01eb8dac94edaf21db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
18f8b044162f07954e23750c0367be7c

SHA1
64ea709678fa970a0f98d204f9ae59c28e2560a3

SHA256
51cfb178b7adcac821abc105858a3d961e675caf2002a0bb13bf8deb17d0c8e5

SHA512
37bb3815bed417b481103c831de2ab318167d0b87587978408ea4d77e88e25f4ced2921602ab5070eab0b3fc5ce3b54b1dab1833e12ca40161bb25998482da31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
24KB

MD5
19a17c5b2a24f9a9a251d5ecf2e59420

SHA1
620e214a203b4e501ebae5b44ff3d552484ef663

SHA256
796747d143a12fe138f97b763eed7db788577d2ae4e086c5f911036b29c77edd

SHA512
cd70eb2e3f678bc849fc9d7bf21f03b035a52c5a2d41e2cd4061c3da2a55ac965c9725d348f0782dd699596543f71276426fc2dc64c7ecf4ff2a5ec8c88b8162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57e148.TMP

Filesize
24KB

MD5
442509b1bced6bebabf9a60ce2372c9e

SHA1
6a92e89a182e37f10f673a7419cc293b8945fdf6

SHA256
6308b0cf45cacd5aaeb22be27bf9a721cc65bd9dbbd2723e1ac98067df9b1809

SHA512
102df42f1e0efcc011eb647a3150ebc5379099741eee9571cf308812a55f3a2546ded388703457ccc9c3df1cac98961132a2f1e05fb577641e9c601cc06ae038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\dc75b0df-4275-436f-9cb8-280235f4d26a.tmp

Filesize
9KB

MD5
2866ae052d3ec5cc86a11a9c977e7e5e

SHA1
14a7c4856505ec2c80971fd02ced20ca2d89295a

SHA256
961f760c42accfaebca3afb4e05ad6f7ea295046e71af8c60660d577a0a66c03

SHA512
b65fed89fb10eb10d1b4fd21ffd1c7dcf89c5d706647c655967a5d913f01543fa43e56eff2956ebcd352f1fb92b65b978bf602601505870991b3d5ee47729583

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X5FBYVV7UHVE1ET9Z02M.temp

Filesize
3KB

MD5
c2b7600d051d1b148282a8d30cc2dffa

SHA1
562840243ddadf5e819c7211a71d9ac95eaf319e

SHA256
ae9ddf326171759829f231b99f890ec4df8ac1e17653e4e9b23aa2e760d20c86

SHA512
2daa8cf42f3c133a6ac74867d6631871d0b4284f908e45d4745d715839290731e8e9e3181139711c47b6b729c39333615fc4bc1ca4ab2dfb07951668deeb798f

Download Submit