d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8

Analysis

max time kernel
150s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 23:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
Size

896KB
MD5

a58c396654a9f2d58bb218634ac22d0e
SHA1

ef760024ea7d45886a7f26d070ac80817f91f326
SHA256

d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8
SHA512

26ee44581893c6cea7c26537caef3b5f4c1b120486e9be84f886f3f94414029b81557bcea4fb5a28a32bcb6a57083de36ab8ded43f3982a67ed33bc4a7075217
SSDEEP

12288:cqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaoTm:cqDEvCTbMWu7rQYlBQcBiT6rprG8awm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
3636	msedge.exe
3636	msedge.exe
5340	msedge.exe
5340	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
3636	msedge.exe
3636	msedge.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
3636	msedge.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 3636	2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe	78
PID 2788 wrote to memory of 3636	2788	d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe	78
PID 3636 wrote to memory of 3936	3636	msedge.exe	79
PID 3636 wrote to memory of 3936	3636	msedge.exe	79
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1472	3636	msedge.exe	80
PID 3636 wrote to memory of 1660	3636	msedge.exe	81
PID 3636 wrote to memory of 1660	3636	msedge.exe	81
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82
PID 3636 wrote to memory of 1460	3636	msedge.exe	82

C:\Users\Admin\AppData\Local\Temp\d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe
"C:\Users\Admin\AppData\Local\Temp\d121b053503a9e7e11dbe1b5dc8fd995001f606381dccdfdd94698c808e991c8.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0x48,0x118,0x7ffb74d13cb8,0x7ffb74d13cc8,0x7ffb74d13cd8
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
    3⤵
    PID:1472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
    3⤵
    PID:3596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
    3⤵
    PID:1836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
    3⤵
    PID:916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
    3⤵
    PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2943844798179345280,5445393107108773567,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3956 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\1ecd93af-638b-467c-82af-11a3170e60f8.tmp

Filesize
9KB

MD5
1ac02800aefa3e774ad3797da8c714e2

SHA1
478b5c4e5422e1e2a67384200feb11638152d4e4

SHA256
6b63d577c372fd8ca27402d181556c53db1487f575168fc3881d8d1dd632006d

SHA512
68d09bca342a1f78d77db3e6c8dde984c6879b1a92e86d3fe7d583baf1e5b08d5bd09a0b6f33097f1a27914cfa304debe1df7b8b2eb28b27a78436b16887448d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
14aee3cedaeaf7c01d19332583a3156f

SHA1
800670beaac29670e34d3b42d6de89c2e47d6035

SHA256
1d00cfa82536bdf2c11b260f4127680aee7157ab48ed2a21ee077125112248ef

SHA512
b1d612a732b2cda82e81e8512bdd35221a93dc97c079029ddd7e161e2e986677369b3c6d4d85f0521c2070fb4534de2f9f48e891f2e775eead73fe4883bcf55e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
e9c719c12030c073a2548e464cf088e7

SHA1
6611c4745612c6badc17e8021e0cf47a2a82d2ea

SHA256
445604dc7a4bd1f75f4ae858c54c67e26f049c9bb60f84f94c3f58ff6e74c3b6

SHA512
ca13d84c1ca140edd0bbbf32d38628c9c88bf2a0f55f73641a49480102dc7d5a52bec63a5ba3523ad6c7861c65910307fdff59a45a7c1e929bb3c965abcda770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
01de0e60b246497bef5b4642bfe3f6e6

SHA1
040f3527dca6c5a812b8fef0ace40dd35a31496c

SHA256
f5e34bcd5ece30f453a186a73babb07e5deb701d0218f21d14bb7b9da645be52

SHA512
f8248f0b96ef32e8ffada616bb5040e338597a7e8bdff243670186f2608cd7b8740ffff07585cebb30ac70989b11209bac113fdf13811956f44acad9f934daba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
8ae5d5abc7555da419fb393e6eefc326

SHA1
7a4673894266ba954a1415b20f54ffd037fec800

SHA256
1d339c512f6e98700b73691fe8bf93ab7bb40476ef5754cc4ed842bb051a5084

SHA512
78543d20368d3fe955f2a9048b21aba7015d6f39b5c62ad388e1f55768ed2816dadd817b5563ad1dad9f1b33d5f36ca6bbebbb80c6ba6ff2e518771db07cc95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
26ff39041749db8af8c14ae39f099012

SHA1
8b70c1cf32ca8973869f410f237974cac974d7fe

SHA256
c6788ecc5423429e1bd4defc8632695b9b2d1b4587ac468e81ea4cacfa2184c5

SHA512
5544c018344b5b7b0cbc19cf22dbe57c982b932d73c9f634eb745a837b1781380c508f3711890c721936bfb7550e8a946f26032a14ecfcf4063020c757794335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
a8a95ca083bf93f1a5513a55c06860f3

SHA1
a66266ab5fece817a8d76d23e207e950a073cc3f

SHA256
6f3acfb6e851ac4e21fa77416bda2e138e99582c7c98416ffdc66ac03a8fa742

SHA512
b872e823651200a0ddd1496bfdac9f0984cdfca221949afcda913ec0a600db4ce9252ef2f6e250f3da53093671c663c91ba8721b2e818dc1db41e698cf1c9713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Network Persistent State

Filesize
1KB

MD5
9f0e1c3501692912f542a92a70b845be

SHA1
b2f267aaa9ad4eeb6c81997ecc0802b5f91448bb

SHA256
28a45e792c13429f75aeb840bf2a3cce78acce66235526cf22c7a40f224e8392

SHA512
b8e34d9c7a36d1de533f6ac30ac658173ac19935a1602e7ab7bcd829f6c17b219f4ba688b3728bfdda523b33404cdc6227357757d85beafff6fa6f9dae42e588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
3KB

MD5
4656597bcbeba720c9961a76cc42685a

SHA1
dc43a2407f2fbd5248755f4f7f7174e94f1e5bc0

SHA256
e707d031e402fe225c86ef9d5a4e7f0f1025143096bb77613ecd7545c4be6c76

SHA512
484ef03b2bb9248dba0d6332ae2bf352e63c144972520a61d7a7594b82a5e5535475394ab41afdb32489da5551ecc5c645b4543b010c903d95212ca9f4dcabf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
5a65e8c2ce78a94621cb4a3c91973fe9

SHA1
8197f26fce22ebfa419fd3a0bca61d911bc7ebe7

SHA256
6fc59c8103d49c04f3dcbdd4639329767b79a11aa5114ffb11fb92649e202d13

SHA512
395e775b776d6ac3bc1206528b2ecde4dccba9619eb906cb2c7d3b0e50eb53bad11296c6dacba528ec501349e426fa2bd51dcf5a252b3c3f29647f97e9e36ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
f8228e8d87d0f42d954801c474978be3

SHA1
f1b140983926fe6a4c838f867675c588e9cabe23

SHA256
7cf143a23caf981f01808d1dbfd2297dccdd87ece6d61a08d8d95038d23cdb57

SHA512
42d9bab956a68c3f0556828f1a8df8938cd24c0d41d941ef761b50cc0d6f5ac5dce9ac3ec73124f032c9ec3afe58873f5a75f4adcddf78fa2dc57d8049d1699d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57b565.TMP

Filesize
3KB

MD5
00a44f126d782c58643f65f84841ecf8

SHA1
171e15b34f8b5e80f88e3ceac0123e853ed3853c

SHA256
837a28051247cddd8222fd7792c240d8e9ef50691c243b12c66603730a9d2d6c

SHA512
291ad73cef3622ff710559fc7b97c372d42262761c25e0bea1b9befdfe3e140b19b1ab034abfb0fedf2941d0f3dc8288bd7ef9c09fd52ef66e9492648a1c52a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences

Filesize
26KB

MD5
ac5664ef8e7b1f7af95189f87dd46954

SHA1
2dd364532a3325e73be2820faf42adbacda8ba4c

SHA256
7d60c8cd3fc13520c654751ca53e5e392c9ee1235bf1dc06551ab674b2dca49c

SHA512
bd53e7414937486b0bedfab383e9f98ca3abb0e313ef14570ed4f62117f02f72bc6b85e0226373e587da3134167c81432bb2035626d14343de79336533d89ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57dcc3.TMP

Filesize
25KB

MD5
6ed498473fca6a0be585bdf0c160ef02

SHA1
e1eb93e2eedec31cf572916536338bd40a37277d

SHA256
4ae028173762217e068968129282dd1a11d6ff45cbd3d042e9f4ff7064f3f74d

SHA512
b9883922d88689a7861db8ba561455fe9838b9e802d6efcfc76f278aac4e60ffa983132aa8a66e64ff966ac7ae884b96bdc4c90b2f58a0a3494c428a671ca3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
536b585cee8eb457d8ea6ca5f7a50f07

SHA1
20a8961fe57ee197327d9bcad9d361607bab8ca1

SHA256
05cb809067a3783e7115cfd44b0aa663fef9a80c93b041707fc0203b948fbf2f

SHA512
e4b46d5bfa9a7028a145df7fc55d2ecd6e72652b341336113039dcbad86788a7545597c5f1e65139d064dfbef295ce55fe9b4edc6407025da2de4dd3acc8978c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity

Filesize
203B

MD5
7d2e01d9bc47cc7e2f2b646bcc408fb7

SHA1
5ef870a81ac5a26b11dc0cdaf15397883d17fbaf

SHA256
a842a6768beadf89c5fc21c46e271cc2eccb06a8b896a1aaa9ef234a986caab8

SHA512
a30ab5fe791cb6fba89b062448a03c416c75fba1b0688c46ca0f861c72630fdc435af859ef27bdf1ec0edc048c2aa44e10111367e0cb40f7f4075d3554532fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\TransportSecurity~RFe58d954.TMP

Filesize
203B

MD5
281c96629305ea6b543500998b4c792c

SHA1
f2029b175364652a8ef2c6f802c2035ae81a1a4f

SHA256
3fdd96dac01699ec0092e5f5345b24ea49bddb3834af880ee776a79892f76029

SHA512
63014256077828935fd4ad5c6024067504f39d7cee3d9efb2d6a086eae5742cb3addcd2cb7c016136aa53f8c1b1d13e56b19e01cd0d3e90823d5d1cb1f3cd579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk

Filesize
1KB

MD5
b81b7ef69fe5a98ea4c7a75e0ff06f95

SHA1
5ef3e39a357e62dc78031508854e0fd702afc95f

SHA256
7499d2e945b3686e3b76290162778fda85764fd7591d07b7453d938713342cb8

SHA512
7672f30f76790beb6415b95bc1474610b5cfa5e2a103ea7bf26418c7af88fbd88604d3729527fffdcd006df7d10b8579a0e5f7a4ae9f3184db435b6eec808318

Download Submit