2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d

Analysis

max time kernel
150s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/09/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
Size

896KB
MD5

1e5e4b7721fca5453af156de5c0fb668
SHA1

b70ec58cd76edd64dd2ea77f88f087d8a932bcaf
SHA256

2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d
SHA512

9661055b6aeae721bb3e0ad2e026900fe6a12cc993aa150e85a3c0f4b9c64803a01666fde6301055f5c8ab36ded19777103e41107f9b4a5c4e0a201fd0e2ac85
SSDEEP

12288:bqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT1:bqDEvCTbMWu7rQYlBQcBiT6rprG8as1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
2900	msedge.exe
2900	msedge.exe
1556	msedge.exe
1556	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe
440	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2900	msedge.exe
2900	msedge.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2900	msedge.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2900	2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe	81
PID 2800 wrote to memory of 2900	2800	2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe	81
PID 2900 wrote to memory of 4404	2900	msedge.exe	82
PID 2900 wrote to memory of 4404	2900	msedge.exe	82
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 4992	2900	msedge.exe	83
PID 2900 wrote to memory of 232	2900	msedge.exe	84
PID 2900 wrote to memory of 232	2900	msedge.exe	84
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85
PID 2900 wrote to memory of 4876	2900	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe
"C:\Users\Admin\AppData\Local\Temp\2e54901053577d1daf86c0ae78833e52f9969908d7dd0e127ce25fb63a0f663d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaff603cb8,0x7ffaff603cc8,0x7ffaff603cd8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:2740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
    3⤵
    PID:420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1556
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16322803792693849526,7246159304538587660,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3860 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
647efd3dd8dee4d58342ee3be3a55282

SHA1
90e29d0f0f65b6a639cb09c464f674351723c85d

SHA256
ce4b4653f5dd5d90ebb00f8b22cd369b9035d6944a001d760571ee70aff52c3f

SHA512
280de1eeac42dd5b4e87e64fb870bd58cf9cec4ee399a5de2ec9a42cd3ed31b1b05b8ec23f5e39a0f8ab9bcfa61402f6d60c748cc19229826fcce47b95acafde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
588a8535bcce81334db15d0010e44153

SHA1
48865e9cddf71c60566e76fc37b80dcd029a59f9

SHA256
be0f51191381a5b666dd9ce44dd4e2bade75e438c5b8501cf0de233a6b338f07

SHA512
e9199cc8d1d2d2b4e7b6c4e3301b64dd6d000464cdf8c77e7b37ed601c3805b9900de220d58b1d4f5b78344960f5ab42b760e0461cc40c4ab9d86ec886d3a59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
3dd4009f442ac30feaee6ae1dc43188d

SHA1
648ab1cd3761886c92ede3e4883f9a21efe34d29

SHA256
92fbf9885216a8c5d6dad04205e71e302ff9f67645d8e50673def36632927b84

SHA512
9c3ffe898e68d82e1d8b6b85d33d510ecbd49e3b39e18d0c7a8e8b9c7b2488fa8b172c3cf01fa5eda4cb44c5d1f75a0fe02976ef366d42907e96630c6954a364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9ed197b1ccdb0d80a898b1e51e65e454

SHA1
153e16b31546cd01afc06bdb2085fd1069cc52bb

SHA256
5c434c1d206afb64a0a36819e4c19f09ce664506bbf1735061546c144d359a13

SHA512
34347582ccbf1ac3452a69cb867e8a3086b7d1b50d98e4d1bb2395bb8d0a88ebb75d53c60f50cfa279f461fc2b553ff81950bb424012f9dc4331dc332b6b20f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e961f8af99ed89bc7fffd0bf11c0f8dc

SHA1
612039d560799df32d311442d1262dd1d5c04848

SHA256
312673e869882fb45017b01de98a0692c30fa51152c48555125ae53d0d33a905

SHA512
3db8412a443ab6ddac6eb240ec11fd117b3a1d1f52854f79ef847d4da9e25ea8e2b1fa628ddf34dcc5e0ce27ccdfe457fdd15438442d2c072febda8fbcb69b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
05b9808ea678746e0219e89bcd68ee55

SHA1
87086b362f4454bc66f29779c716450372eb6754

SHA256
98fc285663163a140bc64c12d51920a896697e5ef358b8af6790b605f78a43c1

SHA512
4585bb43345f3cf7598bfc6da1e1d2776ba9bd9b7d2a5494d7ad7b0172deaeeca980af25a39dd9ba8d03fcce7c92ab92333b85e65a1c3c8b9a3061a1c90135c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
39eebaac7cade4283ba54e11065d3dbe

SHA1
c86f646438a4b3d150e49284765ac2a0ee32f518

SHA256
4e09c16fa04a613c1b8edec6a3ae2a1956b8fd53117a7022082e68b9aef5222f

SHA512
ff75d1bb7700b8534c190865435e6542ada8c61448a759293afd2cfaac27c2a342f645e914711538a5de2e4581a42d160b190c3f5738fa84dca61b138c9abe0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
2ca1099bcbbfed0a214c9389f5323bd6

SHA1
0da10f9119827774c7dce32369ead033ff1d7d08

SHA256
ae9a78a06786dcbc897f04e094cfaf6a9ab4b3c5cc9a6815e7c55c3d7e2f2f72

SHA512
a14bdbd22ba4d6b52a6e2644a16bf0e023e162db0d78388d842ff2b2e4f17910dda96d6bd10666b1f9c43216b83ba15b1c4420e61563ae860a3b03a81e248fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
cccaed4ec6eaa44e00d86e64f8e97820

SHA1
fddb2276fb68fb71960325bdf2626a5dd12e54ef

SHA256
9a2db366cf941c1c9f702404203611a9ff0fce11cc66c71ef21aa9428fe0efd0

SHA512
afe98f2b041019e862631a574652b94f7bb78c4dacf4cf8af75bb73dcaa3c3992386caed22ae6febf452f2f468a4ee50094f0efba7d18decf7771297275d64c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
17872955ce94d373830b91246aa6cf40

SHA1
4a3475e6d076b0513b2348454b881a6aa50a8855

SHA256
0b69bda9f7c201373c5465343eebd028b35921aa098575b22031c0f2eb3bb9bf

SHA512
f9ef345c19751c10b10f5c60a7d7bd90beb47056bc38d6739cf168516141df47b8f219bed40946fab5caedf82757d11992352d51ba32359856987d92ef65d624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
4a1d79f8954cf5f88466080a63ed39de

SHA1
ae2e0c020fb2291b87a2103dbd7d40cad648b675

SHA256
d253d589c57007d0ddc5d4f0c37fb869e1f9a2d3eca22d3fa264733834fb0128

SHA512
e90d1921cb68ddc947c50c19eca25d1fc24f091ab8feffa39c5ce1751b7d1739a134ba24f6424ac2063c07264b5dc80638fddf35963f19ed94db29ba99e1318e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe578ed2.TMP

Filesize
3KB

MD5
4b4be2a7a861ea1492a51a83a344d5b6

SHA1
2131e4374e803cde57a74a1f13c0dfd044350dd0

SHA256
07f697a9f60f6b1b8747325387fd950db154fe983c03dcfdea648a7f18f1cf1c

SHA512
b4db845df4d918d3cf4ed736a69c07d30b451815a532963b72a8ce218a04fa12996b8c1445bc0c6b086799dd37577afe0cd0920c54690ef8474c2afb774dad5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
bde48803c46cfeb5bd901a3056d0ef5e

SHA1
9c668102dc9a8c88cbfacb27c2f0b78673201841

SHA256
02b6c026c39c24f10524e957a7b783d1f7586b5582dc4d1580f9c72455e22ff2

SHA512
275e499abb3b95fa51e0bd5cdd110856255730ceb11c32b9f495004ea65185fa1bd411996b03620c0f360ca878b9265bdde7d4125d5c704f5baec4aa77677c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57b68e.TMP

Filesize
25KB

MD5
084aaac886269c911af688c2fc156d1c

SHA1
27e95c2f1cc547c9d910d4ea170def620e750f0f

SHA256
c753b90de2d4a7b136f36e6a35204374f9bbf252fe811d95897abec2e30a066f

SHA512
56ecbd61c894e6b49280ad006d0236abb589d19a62b78f30c2cc9a78b6b09f95b4add806618aab87276167db7505d49dbf8e4d81faf17f641697d111850f4e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
e1bcfde843d8a046204f1c8f5048175b

SHA1
c36403d3c301055c210dfd38323dbecf3bd20c02

SHA256
8d363539cbe9565eddcc2386581f255f34fa1638496ed076a9bf1c1bac821f15

SHA512
04698da999df9a8c16e19e6d3fbecfc311c286c19f86308c1da68d52dd96bc0c6cf35ab89daf97e816aa6b2e50ed141a81abd2e4a3537ce386f6b3776bbcae32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
0087c12eed0e8fa4af939fcdc6976a0a

SHA1
67ecf17fdb0de9ff2c56ab5faed26fef9b436cac

SHA256
303163e0fa82bbd2c0a5809b241fcad45e60aed6c92bd03b7edf18c6247a934c

SHA512
09790332346431419aab946b5d9f043e94dc1acd699bb02eaf5ffa90c3f1bc651cdbc6ef6dd9a94dfb493bae657e67814f0b2ac6afd99493b78be6aafb4ac407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58b1d6.TMP

Filesize
203B

MD5
cc5dad36e3bb6c0c7e13d868534a5dc6

SHA1
0fb1caa8bb29ed38ff132ea064c407081e06d42f

SHA256
604784a74dd465b5afb499b110fd40472de3428d7497dc349d8084d8f007a26c

SHA512
dc8dacf2223649ec94573686841b3f566aaab0d3952db27242a923282ac38ca98255b6ce3435106ce9acf56b951e0e8c5a2593ae592ef0a5d6d387f45b999fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
9KB

MD5
20f7d146e0cff7b309d1ad5dc91b3537

SHA1
3107e634a5147c7f2a59fbf3c1493f0d720843ef

SHA256
df91b5075827fa9f007d4ef18a40132972d73d59bf3afebfc1e1d009421bb6cd

SHA512
472b4d03709efc396003df7e5ba8efa68f541ad315ea3433ede96544f7907708f2f486a0aef0c722db8818fff713bbff70d5f9cff31340d91b630cb937030ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe57df44.TMP

Filesize
9KB

MD5
4bdcb430fd9d5b71dca27e28b0b9446f

SHA1
97da4b52436a5050daf2975da5bb81cd1f3f064d

SHA256
0e146b91968e9ec2815f9a1e7d8bd6c66337ab7fc1ab812a182bfe910301b111

SHA512
8abda7268203e99b46a1e1fefad8db3539324fb7927ac79f6e470a3bc8639ac6fbed71b2877149af62516f72e61be69c67879aa35c175a5e3d8e2ab776dc9644

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
9cca8216e47b04f1266f31142786760b

SHA1
bb564e0c63c9282684a84b78167c33c5e910eee7

SHA256
65a4bfc325da0cbd47dc6db5f66e4211e9562ae31eef216995a64b26faede717

SHA512
02105ddabfa8b107782f359feff632f0b142e2fc44881f684d2da1456fdbd50cd0ca01e3de140c860bdd1565ff446be44d0a9af0f7bb27b7d72664c34f3cd0c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3fc8ff844dd45415813bc0c1107ab209

SHA1
9b0667fc48c3e0d338a86ff458b90882da22543c

SHA256
f5c4f574112bd1620e5029f896de8c24db117a05f4014f8b15b8038597ad03f0

SHA512
2642deb55e222d868efd13d607c06047761ad9c8465e20ee2cb439a6b41cd0128e49fade7278328c61c314e528522bfd5b2f3e101ab876ca448f24e912f18931

Download Submit