39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/09/2024, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
Size

896KB
MD5

0141575a8731465fa16ac7178b3853a0
SHA1

2e67949ca574942d0ba17dcc79a468dbb4ac62cc
SHA256

39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb
SHA512

776d51f2c387c4424988013bc17633eeb5fc61680ccd7cd6aca57885540594573ee9888b52f3ae45dee72732b7462a0e99c518ce5c950416be23e76c7933234a
SSDEEP

12288:QqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT7:QqDEvCTbMWu7rQYlBQcBiT6rprG8as7

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
5928	msedge.exe
5928	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
4908	msedge.exe
4908	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
5928	msedge.exe
5928	msedge.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
5928	msedge.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 5928	2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe	80
PID 2716 wrote to memory of 5928	2716	39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe	80
PID 5928 wrote to memory of 4312	5928	msedge.exe	81
PID 5928 wrote to memory of 4312	5928	msedge.exe	81
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 5932	5928	msedge.exe	82
PID 5928 wrote to memory of 3756	5928	msedge.exe	83
PID 5928 wrote to memory of 3756	5928	msedge.exe	83
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84
PID 5928 wrote to memory of 4220	5928	msedge.exe	84

C:\Users\Admin\AppData\Local\Temp\39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe
"C:\Users\Admin\AppData\Local\Temp\39944fc6bf2518bb70ccf313ecacfd18aefa425eca80cf3f21962f596963c9bb.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7fffd7d83cb8,0x7fffd7d83cc8,0x7fffd7d83cd8
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
    3⤵
    PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
    3⤵
    PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
    3⤵
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,6172181000099643687,7091387107633079851,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6100 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\16571a9e-f13c-4875-a990-4a256f5d8fdf.tmp

Filesize
9KB

MD5
379d70176e432dd00af27d96b754852c

SHA1
622509208120f9cecb851a76fb1034a4d9a76f14

SHA256
88408e032a043a8e45004fbf8e439d079320a8063f1c9286f7c3c8493f0cf489

SHA512
25813f18f243f063cbf1369dfaf24e6448db7f8eef38627eca5873d036b7ecd3ad040aa2fb8487895d1e51ad744c2cbb38a0f20919c74fd9464604e8adbda295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
69dee900d02d5b63f9fb74ac896b08a7

SHA1
d59a7f0f014b39c57d5b7883290636fb2a73f9ce

SHA256
5869bef52dd25081f61cf220a47a0c798f8594b4fd66d79fc58c7dcb1f602127

SHA512
0d7f85e811d353b1444850b0947a542288378da01a8d3cf8710cab5eb5d8ff011fac3bea9d1e252a99a077e0fcf1c053cc4e0c8467101e623a1f9736f11e34ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
fd2461c04268ff8f5221b9b8d4c7afb6

SHA1
6af2a032cf72b7e506e52aff9c22a5734b0c06d1

SHA256
582d04a8e3e5fe2e6369e3395cb56a1ad8f3ce9c5dfa94ad87565019db74f6c2

SHA512
fc2ffb76d3e5d495f64e2198347134b0c8520dd28869ccf61e6a14fa4038d8ca9ea85a1d699364bfd5c069503a5a6cb01ed918ab6e52c6ae969bb29f45c4c35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
e00c5ca9c258f64b4b0a379a32f7bd15

SHA1
c02d8c8259ca8b1bf6f2d3dff8d6088a46688805

SHA256
6f5f54fc5ee022ab587b46b2d624b5f07fd392eab37c62fcce19b357ed3cf1f9

SHA512
39e5b4629fc01fa3ab9144af22e1b78280abb71a26239bb2df73a22238e23316e6dfebddbdd905be4109c3f12fc2bd57b6a5e7228162667d3dc1576bdd46f179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
75c2922f269e56735e5b32dd87e696b6

SHA1
149e4bb3554f14918db110db1ff90c9ff596c5fc

SHA256
3380d1e37f18c08e205923ebea8bb36ae4e8fc64e5bac3c9fbc52127a95a3945

SHA512
68a2405c5b40e0fbf9923a7679feb44e996fb4ba60c4c484e6065b7e36ad194067cb12aa5840f3789854d2381b64752a7772489ebb3acafd609b7d466537848d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
2d78386a0a527987d458e03921a59a60

SHA1
2f65892d5ebc17e863fef57f1b24149c5da05026

SHA256
9c42a32580304deb57e08c5142dac5b46e6e7981a0c9b94aa880fdda2c9f5734

SHA512
df2ec20dd1c39b9d93d4f95b0db256d41e54e19c0a1e26a56dd8b647bbb247480303c49ad7e7be3efc1adbc3eb62132a0460364d3d72a390713d1438302eab69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
8134ea181b50519ad29c672a83ea7f24

SHA1
1e36037bf93a96d7a2815482a535e684d7d11512

SHA256
f11c291ffa95c18b414f65751953dc65ef79f5a85f147eb3e8852b873379498b

SHA512
6f198120882f7e61821cfeb11279d981543b97e5e232c0b8416cd61b4fc480b63303735ced10aca888aa7a6a8e2130754b41292810bd7b6b926f696b04dff014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
9d327f90536ed529c908dd3d483e772d

SHA1
c54ca003729577b856b29409367c18944c0e950c

SHA256
d2f79a1dad96709fb38a2918a0bcd40b94dd465041e533532703d6ab04cae8fa

SHA512
38dcae9142132a6389295a55bbdb56effa102e03a9414399498f107ff2ac9dfa788424e88bb54a90af47f86e23014a93c959eea626284a2aa8589a483e363cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
7242cb9ecea71c379aced552caab9b63

SHA1
bf1040720939a0963cf975ba0a969292f0628632

SHA256
9da759a52a81af0aa2810769faf662f0bedeb6c98dac81f4048a89a236357ac2

SHA512
6e2887afa21950ebf9e728d819ee4d4ae0f3aeeeb42d005f17d7ebe1ac9e314da901b007dc3bae4915d2395343c401081f6f40063c64ce8638987c7464b15567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
75b465a8321a54f552e3d1e5ce8af2b5

SHA1
0b03a1aa5b070432b13966ad71795a0bda8fac15

SHA256
957cd399d72c1f87ceb9a19906590a6365289bd4f1fd43a166a903ce8eb51611

SHA512
454dd9d975bcccdebcdd6bfd5ea586871bcc66d3537ef6eb5788b247284c15e72fff6fd34c12734a93bbf68445459e4088047a786655cd8de788f735c6da6d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
0085e06318e6b57b11ddbe57bc7310a1

SHA1
6af4e40106a89c6fa70f0731a9fdbc162e1a5aac

SHA256
2aab139712d6365c17b2202133e6cd840405d0c5f8928266f325b01145df1588

SHA512
296bcebc9a0134bedcb4fbc72c12e0977b976b29e4d9cdecc3d8100030aa3a587e8d3069655ba0958beb1287d87e97dcd37a8d2732f9b3b58872ca60e388c90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
0a2f2e5611b3163bfa1266a0e046fb0b

SHA1
b9a6c5503bb2998c76e9674555947af786be3038

SHA256
0f81f27091a2adb4d62b2bb695c3c97cbca95db05077a6013cbf1525ec591474

SHA512
5cf7e48c162d5da204bec81881a7fa213d08b0fbeab4be39a28cba31a2e6ca928e9e41225c35538c2094ff3624b2296e7b208682f5872b1cfe6287d2ae38f225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe5794ae.TMP

Filesize
3KB

MD5
0840089973f91a43b1992733a5cf3829

SHA1
ffe5cc7cdf2d93bc657f61455fe290dd4cd36626

SHA256
5ad08828bdf6cdebe002a66e61b988e62a96827fc9ebd08761de419b40363797

SHA512
bdc408905e05985deacccaac9b827d26a538c9b1a8fb4e8e30e77ba53ee56d69f3b35e9872a2694310a99564782fd95d8aaa08d60cf18ba6e0c0c473b1df052c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
1a1c46d59a2602679c50835174f752ff

SHA1
2ddd84713f32e099da31dc8cd8883b84813e8ded

SHA256
dc0049b2a3e42226e1a37db9136e6631ef13004935a525cbe9f2304af4745586

SHA512
dcc8be31c0861a23b69cb2b47ca9867c07751e73c8066a193cb9effebc99aba2d2586d94aab10ffe46a45e9e683bc6175e6e12aaa9daf977c02ef036e3fde750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57bc7a.TMP

Filesize
25KB

MD5
fcfc6179d301df0d85d0379a89878d4d

SHA1
2f31a56cb978ad49352d91ecf731577a0b84bf70

SHA256
b99b7106e857518ac2d6511b8397fecd0b17b14850c1fe0e5992e8a609c4f8b0

SHA512
de32e71e8159c42be1ca035db069631a0edaa1eb7a522701d407458cc5c82086cd76ae097a5d312374b08d583562a58f5a3e5e3b85e8167ad0b0cf6280e3df33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
0357e0248f64de75dc2fae0f0b8f5b6e

SHA1
77cdba0eadf9295af31a89844839a68345b83bed

SHA256
237160ac3711844ace56b354a658ae6ecc34a551f714348328aed935e778bbd0

SHA512
48a74925ce045538d284432161b2b7b046d55c61e63173fe129e2385138c68663471ae68a1a3ccbb64c56d380c79a2b22d82ef7828f4bf5df336681c7000d985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58b987.TMP

Filesize
201B

MD5
18c90023b2e40c605ab686b09375f5c9

SHA1
c35119f98975e153d2a45063853e3b4d3844155a

SHA256
7bd60073092cf0578aa966cab62d8708dd60f656c6ebbebe70c2893afbfa67bd

SHA512
58f4187f87277221ff341b00fcdc92911fc3e491153b6cbb0d77fe7104b1185d92cfdb793a72628c2777a8c17f6c457b450eb2d23502d4cc3e717dd028d940ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
adf509779f99e08daaff8bed41aa4f9a

SHA1
4c1a7e79e10f32c45ab6f974b912ac2e569a86d7

SHA256
f33ca42847ea2980bf13c79f688c314033b31c99762f5809264e837a68c9ccc1

SHA512
aeb4d7de8c0a558b42cb97e95bb4a1a93a2b7d37e8583e63795fd98f3bbdd3d36c0727ab136b1dbdea6c891b439d331bbd5e30253dba34f4889928b0552dd4a1

Download Submit