7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d

Analysis

max time kernel
149s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/09/2024, 12:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
Size

896KB
MD5

4e47b9e5520b1a3bd0c8f59ff741bef9
SHA1

a0d0fb46dac91c6ac783fe35a6cd5c44f0d10265
SHA256

7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d
SHA512

477a61baf7a657fd4bb6f1fc525263c2e596e939792a442d0e89c7eee336f9b0749cc8d642c726e51fefbb8ba52cf35ea0106bee67e8b125ad6f476d1efe64b5
SSDEEP

12288:SqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgacT6:SqDEvCTbMWu7rQYlBQcBiT6rprG8as6

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2980	msedge.exe
2980	msedge.exe
4604	msedge.exe
4604	msedge.exe
3088	identity_helper.exe
3088	identity_helper.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
2980	msedge.exe
2980	msedge.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
2980	msedge.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2980	1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe	81
PID 1108 wrote to memory of 2980	1108	7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe	81
PID 2980 wrote to memory of 3020	2980	msedge.exe	82
PID 2980 wrote to memory of 3020	2980	msedge.exe	82
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 4432	2980	msedge.exe	83
PID 2980 wrote to memory of 2188	2980	msedge.exe	84
PID 2980 wrote to memory of 2188	2980	msedge.exe	84
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85
PID 2980 wrote to memory of 3644	2980	msedge.exe	85

C:\Users\Admin\AppData\Local\Temp\7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe
"C:\Users\Admin\AppData\Local\Temp\7662d44473b4c370596a961a962dc7327f6acf03eb69d9cbcda361ffd159742d.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x98,0x10c,0x7fff38e03cb8,0x7fff38e03cc8,0x7fff38e03cd8
    3⤵
    PID:3020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
    3⤵
    PID:2880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
    3⤵
    PID:4016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7244 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8980508075252578193,2474382880551146564,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
5d9a1f40e2112721ab64108941542208

SHA1
2de131649025f186ee5211670ca93c6fcf568349

SHA256
502e8a32d9172981b57c46e0a6a741ad3e04f5c9db084b1a3af848d1edd2170b

SHA512
3a3dcd9eed6507446f9bf2c67fd0da82ae4f14c63b5c33409303a4fa8ff8c133ab397be7e746562a46d856d0baa728d78a3698cf03f18c9cde71029afd36d2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
4733244e861060ca3db3c95d723944ac

SHA1
f63c593fc62d0325ec3ecf997249a26bd8d3d7d8

SHA256
9bcd35fc4ee72d77eb8983a4533c65cf46dc25395a2436692fb892b6adf40f7e

SHA512
ffabca9ed2b7128c8234f609ebfbd40fd20f816f01610100bdcd492dc4207827bdce1ce1041cc6f314005e9c78cfa31f5fe54c6cf428588c0d62f05c44cb9d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
5d90de5d97f7eae148db79149e487138

SHA1
70f33cf8c5bc37e27ee978e6a3a9d3ff2302f4f1

SHA256
7a7ba92d94519d8f42233c4d968da5a8d5125fcd0049e60965a899d8df949732

SHA512
7ff0fe0b3505862b6b1a0797dc1ed952426640fec8321a8d98aaef5901214307159e79cda565a8222ef9308693cd016577045b65f6dc1d76cadb0ee14134a0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2319efa7394eb262a29b134d31723e8a

SHA1
8229eb083ab6b55262db54d9d3d754e3a95f8aad

SHA256
9500e90e9fcca05ff3cf05132fc13f2bcd1976afe304afb2bfbf27311a0ca730

SHA512
d06ae53c4c55ac66a019de8bef78c1acb84cb9112a23b5046ab3639ec02cbd7946facc4e585a267d3e983d741ddba650df149dbfb52efd636942298ae0103f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e57408a02f37bca9c6bd527ba5255986

SHA1
da5a859dec353f4164d58a96f8895104375c468d

SHA256
2348a5827105d51b2d2a1f7285125164e1606be4160dc9ebe63a441507abde9d

SHA512
25594d6a33d42eef8f8f5d3d400e94b0c5ba13c17a2debaf8e54dd28463e0251d1d15db822b094297e5dfe3a1423dba4e0463ddad08c61adac94d1c53808c2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
c0baa3ee1efc49c727d7d40d19d3578c

SHA1
cd9da671cfd32dc02170ad8ff5eec59e5109df80

SHA256
7ea5321b57a154221d6c1be11c9eeef510a83c19e87c53f21f03365f0b740508

SHA512
f79c4f904a607f6d72d4456dd60939f31a86e970d916f1071545411b5a52f249f4edf75b77585d3a385c8703c4ea6e0f69b1c78226ee820c4f8957ac1f14268c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
ff6cd6168d7eb5335676771984dca152

SHA1
527e729fb426e8ef0d739c1d5c88b7378d82ac24

SHA256
4cce0e574a8693e261e0c011eb1c04634bb0d4c727ebb1439a254720bef42450

SHA512
5ecf9882795e8c0aabf0d5eba4acce38be7d39eb4e23fc138117ad4edc48e489ffa3493139e80f04987e2006113a1137b57e29ee1f4d3cdc5602bdc54845963f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
d1f133c4a404c036043375989b69870a

SHA1
c522a1b37c3195137e2b18ba5263a7c9f4b9f957

SHA256
be3dc7ed96ceb3c9401f4f68e9a5b99765d63600bbc54759ddb853d56a8bdcd9

SHA512
d692ba5034fee093226b6aa3c71bc9780bcf8538289407db173536d06ab7be0406a9ccb286045ef79cb2740b5b9053f0945a8fbb5f0917a762d85dd180eda5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
98f62649a4561ed6d6e24598a30210b8

SHA1
d527f266a7a0f8e72411fd3d84cf17041acb41c9

SHA256
104f72572e940c7fc15ab00977f62542799aaeebb678b838849cca094a87e65d

SHA512
50534c1e66f736564907506c6edc79b8c76f15bec55c4ee1090b11950019892cd5b9c9e06728d9558459f3bb0442732411adc772afd656a0d11fbe5d3276394d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
a2f11ee10e1dd6fbae76398ec0d6e0fc

SHA1
f124ef08a637076a9dec744ce87dde40f15505db

SHA256
a412040a3a6fa811c4c51c8b00b2751aa2464f136b50951b7f71674b9ad11904

SHA512
734cdfb2f6c001e30fe29f8b923f7a2b7b07f6d245ebcdfb7c781cd3dfd461f279000f9be6113ca9bde27e601ee0824a73f030b6733dde27d5c84e46eb2534a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
aed6544f60f7783eeaf6a5e610183bee

SHA1
c661468180658d76a65973e2f298e3b511c990fb

SHA256
348d27d6890ed5f7b01cf0d31c7bec357037b5848d5d2a9364a63e567d430002

SHA512
b619b77e914d805f35706d6bce0ce25e4363775fdafe1fc123433e40c0efd5c7b4aacbfd0a69cdc3d54f0df7f98971a33882ffa77313e4f548cddbcdb1ff5b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe578378.TMP

Filesize
3KB

MD5
21a887957cb4979ad73a2489190c4e29

SHA1
f120f2f9f618b5349776cd4cff4ededafb57d872

SHA256
04535c6188ace6934657af101c2c548dd11371dc7c59fa403e266220097ecc35

SHA512
d8425256c51994fcbe4bb64ed63d72bc8edc2ff807c3543325dffd54a2df1be55b1aa8625a5f409f97d2d6cb80c898f82911d68b08be77cfa2e127566eb22a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
5cf1ea1a3c6e1655b3e9241429cf968c

SHA1
247c617006bc59ef2a04d58491f45ef191b123e9

SHA256
c130469fe7429f531f2ade1d010ca5ef0d1fc1ae75cd5639d317c974f283c2e6

SHA512
baae043964569dd71101bbbb6d428a0817fa14e6be95a8cd7f344853ee6fe5d997fe6bfd1cc516d38ae35856078b286044e198b0bc8c1971a4a8c976cb57c23e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57ab53.TMP

Filesize
25KB

MD5
468c0bd785112d2f0550e18cf80a7ed3

SHA1
a045ace4b75db9ee124d629f268810ac7a0efd83

SHA256
062b5b6381e45125c956e8b9d1c9575b9aa1f2d31934f535a2711d347643f345

SHA512
e8d415e095ef03cde7fd2848028d2f1d3382c26f02452e3054b276918425e7a86b128cd2e2ccf4b0e635ef628ccb395280fd6400842052ef5a469169132d759a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
68ab62932dc0c5e16a57a2bc8e391d0f

SHA1
318a0d9285ae3fc2357320a0a19bb4a0cd8012f0

SHA256
ad53346c971b6e44a518d0592372b7249e4f96042f99d0c74162d6ceec3b4afa

SHA512
55f6c1af11252a530935afda9bfcb9e1e31b0df9765d64e3382682b522c35aa70d173c38bcebcbea6d1d3d3aa316647f972c8c4476d6a750bf29bad6a1e85724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58bbe8.TMP

Filesize
201B

MD5
39bdf8b8c6a9221b88602a02915ca2d2

SHA1
81b7fec008ba0f3439aab0e955772ae8e056b541

SHA256
69ec4d3707217a0c95f092569d27381ad17eb512fbe0af2b5cb6818a518d297d

SHA512
1cff27734917082ebfd08046a3cf22255ef84bea9799dd67f79cda3b86651feb33894870ed063b81e47adcb2b628e18e315a1a559e6f23c95c425cd64f5b16e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a2314684f81e4f9e40c3889289c0689b

SHA1
7e2557b6a514170bb5f390b8224a45b8cd2d6104

SHA256
5c790b8978f28f055e0cef032354ee6742c745d132737217fb2f110648393ee3

SHA512
1962f0815fcfe751b7abb1012ae9c04ab03b0800e7b21cdabb935fe2f7d9d4e06071a2ed9195b12d21ca8c528019ea989b501aa881ee9c795e032069d6236c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
9KB

MD5
c6de10aa2f83486abceb36b2ebb3d4ba

SHA1
291339d3bebf011231ff7857c1b608b9a18e7634

SHA256
d367208ee39c900fdb1811268cb2d87b8fdea0dc784bf77482ad5257409dbf2a

SHA512
ec6f7e8492a34bc275ed233019eea494277ba4b511dff18a2e3d230a5d3642512a35e827545818d1162e5c639d9da4ec84c5804f3c0f60287c1b5dd4fd8bcbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe57e4d2.TMP

Filesize
9KB

MD5
59d632cfeb7e563e0403f0d88e8c3ceb

SHA1
e0227dd45a9cf3d6ec5990e43f42e9c297d77447

SHA256
8613b7ae9b5396904f1339bcd6570886bc1af3c5ef29ff41e63c38d5a355a85a

SHA512
5f5ac0fb5e005db82ede19dab432f245a6ce6dcb422026e65fea7749fda97a6f0f79ae34029598bbb746d4bcb1f5d3960c338bd68049cb1deb0315eac99f49cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
7608ae54d772418c399b787f76d5c947

SHA1
ca991eaab5e28fa3c9baab0aec58f2770700f7c2

SHA256
9453cef1085658f97722ce7fb62e2df3b4b794e441bcfaccd2a673e37f5b0265

SHA512
2b12856645842f2132909d1a047c4af371bfccb3ac072a7243cb1b8ef624627d1be584474b051b2d0f4c523caf0a32122573e7c482bb661820e7068a7dc313c2

Download Submit