88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-09-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
Size

896KB
MD5

722a21a12025094cefd6de00ab539383
SHA1

00c7867204dcb23a342cdbcb915d042919569a05
SHA256

88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038
SHA512

58282b83bd6b647508834a7c4f47ebc5aa684833732bd6f3225b5aec362bb687769132cbe3f9be6ab7e176b8d66a20df8f8bfeb4d34f9541fb0281a24fe882ef
SSDEEP

12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacTu:YqDEvCTbMWu7rQYlBQcBiT6rprG8asu

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
4020	msedge.exe
4020	msedge.exe
796	identity_helper.exe
796	identity_helper.exe
1164	msedge.exe
1164	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
4020	msedge.exe
4020	msedge.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
4020	msedge.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 4020	3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe	80
PID 3700 wrote to memory of 4020	3700	88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe	80
PID 4020 wrote to memory of 3772	4020	msedge.exe	81
PID 4020 wrote to memory of 3772	4020	msedge.exe	81
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 492	4020	msedge.exe	83
PID 4020 wrote to memory of 3116	4020	msedge.exe	84
PID 4020 wrote to memory of 3116	4020	msedge.exe	84
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85
PID 4020 wrote to memory of 400	4020	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe
"C:\Users\Admin\AppData\Local\Temp\88327e1bf9762bc4429d9799ada169121b27b1e59c4f3d7fcfda877065bf1038.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb37df3cb8,0x7ffb37df3cc8,0x7ffb37df3cd8
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
    3⤵
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
    3⤵
    PID:840
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9269675134216357395,12718078554297292896,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4476 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
ed40980930617b123a51e504fbb59854

SHA1
a33fbfcf9225d139263b6efba9461da12c2d8061

SHA256
f99b531667f8d565040e1e822652e7aa0bd8db5da3653c4b62376ce63c33b33b

SHA512
a8d73af7298ed09c5a2cff9f6c45d2a2eeaf5ff11903375c954225bad84cea6e689aa2d169a7cc1e2efb6b0cd341c36ae20f79169c6ebe681bfd35c492db68cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
5082b06aef7c7322ccaa48b0b44a4eaf

SHA1
9f2232639675d24cd800153bd902d71e815b1534

SHA256
689eb8583110ce570dbf7ed37ead0450129420b28be3a38a22a0400bfdacc583

SHA512
f9703eb52f29066fe2379cc55fe9a6748ab297185bc94470add32dc5260138952c5c8f31b3b6f3f2958fe3d7793e44521a28136c29bb212afa346444346e9d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
b01c08d5a52e4e4cd5b0481dab9475be

SHA1
72f991a45a0e391e27f0f7b4054f19c61d24c667

SHA256
57f39c85a0c70c40f2a7ba50eb62c79aa8c0b17a48d841dc61571b009c023d0b

SHA512
fa61ca5d243ac40c5b84745fd198a3a2e0ee317a97dc4cad9cfbc175227b0b2b679f78b4697ed73af58b50b3580b4d8471f73cea54f36b497ac26a4c4e90c1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
f594d1219df5b3abdd284b4037f330ad

SHA1
dd8f499447f9e044ef3b1f7de45b62813e2cec12

SHA256
9d49c3967f3b84081370d903dd73b611844cdd9c5de70ddb8c77cf4c18e1d438

SHA512
101b1273f6b15cd3d975a1d22126c44b03d0163ca9883de8e6f95a3f18fcbf086e14fc754a42de574d00ce8e231cf8519b18a228965bb905e069d930083d9c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
9f03d56b7c375639986edac04de37186

SHA1
92c06696c2896deed63ef198e81b9b10bb593dcc

SHA256
b909b3e910b544c0d417b389df5a5e21dc4921ee53f70860ad6821e87e942c10

SHA512
c282506b6bf03adfd8a4883d042c87b14520279d4108bb5cb6368be27dc72bd86d8d3d1fd7cf964643e062c0a2b7d31ca8bbbfaf30c50a5cdcd6b5de6a79c830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
000c71b7a4a6f02c5d5b2de07a6a0ce8

SHA1
7dfc60ae2742ba39ba3b38679b3fde74313042fc

SHA256
882e15c8e7eb81a368b602c1a59f4379d8540500d429b1c4f2d7750c33bfc860

SHA512
beeb538a0547b3efe7cca2a40bf93b195c8b8ac9c5e285af223a180550f9832f5f4bbc82f8626bd5348b882f0102fa25e93d030f9c39a52f52f01488231438ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
12769607777811e910f837f8e8fbda9a

SHA1
0c8e63755daecfc6a514b8e894cf41d49fdc83b8

SHA256
7a98751194138882c203c4473fb334a81d71bac6114ce2c0875b23ab3cd7ad3f

SHA512
1b225e4c4a30f73ec2d53b5fbb6881791d85b4a948b99a004c87c8052bca621f25991cb6c3ec816ddd719060f286202655e7a9b0d24b58f909986625a5eba220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
e6e3368d5be160fc88b685ab2041bf0e

SHA1
271d2606a82d8b481b6aac9148851a931a3a9129

SHA256
bcc14967cfa79a4752af266af74d6cfe431c38a7e3b9b3b98863bff292d78c02

SHA512
100584b080b4965d366fbc8404e63c975f2cc11d3d816a7942d1a398661f13d91f27416960f78060ede2ec2a2ba084c6eb0f738d7619a901432e2ea2d7b0221e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
e9cc66198c36d471a4d0d11efa35a933

SHA1
35a67cea2e13280c5a5025038cb2f890ab120aeb

SHA256
41a0fb332e4a0d8604f304743ed0af256987bafd5b793525046b13ac466dfeb0

SHA512
dd7c59f83edfd1aa3d8b22b5b3a0ee8f94c5d32ba7d9e8f66a7388e51adc254c1f711e72139599c8848da3953baa9d6ea1c9d34c8232bcdc865249ff5cccd985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
7093586fb918e43290f42e9fbb99843b

SHA1
d4ae0cf8dda0159059af4df62ad4831a78856159

SHA256
52e3ad8cea314326e5b2d72ccaf0344dd23db6bd4703ae5ddcee11d2b50d782d

SHA512
d0b49e1b682c5bcafe46fa76d757bbf5c4caefdfa514012c670316d64a53f4e23967bf76fbb7e206e221f71ed2d612fe02d247afccf48fc38097ad248fe1c542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe579cbd.TMP

Filesize
3KB

MD5
34210022b530fd9a37e18e70eb9b411b

SHA1
e0da945437813a7e01ce0b76a48912501cb5677a

SHA256
d71e8b4a7b665340d23778405914aabc5e0dc60c0dd32c913ba7414c9f4f31a4

SHA512
372bfc8819c4b28edd52bdad9425a54e4d0c38ab53682896c3314348f1197a9a36c415ed3925dfe058cdd4f5305c6696af77ed65ab6d45941a175adf661b2343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
b80ae8f00cffacd32ba7d0292ba326e3

SHA1
932d1e44f4c8d5c43b5960668d834bc550b9b6f4

SHA256
6311f110b0580b044123fb5007b6f71909ed79a82918e56e0d64c1f5cbcdc246

SHA512
4c66e462ff643ea69fb9558a4112e83e7c24c627c86b9c403fa04563d356fb9e2b478f04bd4a7e3007ea65bcc9cd5cf8c99457dcb9c36abfa78d0fc4ee6a23e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57c525.TMP

Filesize
25KB

MD5
ac7ef8ac1c441e0e775f2c1eeb82da40

SHA1
64b92ae903d2afa52e9c137bfc41edd0e50c65ca

SHA256
1f23e95d106965bd71faba6507f23be02e916d2f2412c1aa4377c849dfc4c158

SHA512
4f8ee19eb7372a13ee314fb15cf074233cbc6e531e03439c2a23012b2ef48c6a7b9cbaec91194e9c3a34138f7328ff102dd4e1b7c80fbee0f2b596aee20fe117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
63d7f522944fc2dd5f2f0a75f804d44d

SHA1
32940d9e26e3d9486d1f13e82f61af58c976289d

SHA256
8c96aa15fe9401e73c9ba5c09b79f5bda73ecf3c06213dfcf06480f2564873f6

SHA512
343e958d455066cd8a2c4bd2cd8d3722ffd2020e1b5eee6ce8b0011f62062c34ed75d62793d82c4db98bdffc12115067f68c17020517d1e7867b392cee87c90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
a3294919af83b5b85e5ea1a8c3d2a175

SHA1
851b83306dcc72d6c4c2507014a4bd0fc1f059e4

SHA256
87fcf49723259f7a49105409bf510be5043f84aa228ca3200ccdc5a4684f5cea

SHA512
159862292468ec20217e10ef3533f9eeb92d92adab2c31eab95afa38da46d79e3ce55251185e2665362e38167cf500220816a6c1ad5c6f8252e58eff3c74e618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58bed6.TMP

Filesize
201B

MD5
12b63716e979fbc3111382ea9f9c6546

SHA1
2c7c48e061875af80d034059ec56e714daf0acac

SHA256
952f6c1aa5b0b49eeb30ba272198c56745d2e72caa52563bc60e25dd365cc30c

SHA512
d73f9dc28b64398a3e2996a1bfcc44e66fa3fde674c015ad5113fa67a2b692ffd1ce308baa076412bf24298ed9cb1f27a22b9a44367b4130da09f6ad711ca0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\af6bc30a-e69b-44bc-8b70-c6849aab9f53.tmp

Filesize
9KB

MD5
cd7726c1677194b92073a98746ee81ba

SHA1
7c01191485e532a8b298176b1f0339c50629380e

SHA256
be3c1308631b96e832cf13806ee752872ee93ea57870e8c945e7681ddb129997

SHA512
b7a37f138ebad7769bf38495419edcd3e07296b32f31bb2dd6d3fa44fbefea36ae1a62556fb42afe56e0b2d577d20b8cfd48d8acb08ad77810272bb0cd46feae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
723960813236f490cd983286154e8faf

SHA1
a0176fb5ee2d930334b02c5e7cbfe6b87430acb4

SHA256
8a305848ef679903fd87d932a0ea1267a740502153be671b66245ec9c092ac65

SHA512
1fcba7b1092862f4926530ece411a277d78cc05bddfb962190a35e149b42764a4f92ffdba066d6cc1afd6b6c20acfcfc67aeed52a3225efe4c6fdd9540dde849

Download Submit