43f528d5f36334e39f15e4b1125e84d63698500914bfc128255a35d467447323

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

896KB
MD5

93fdf1b16a3c8a2cb82f5d3dd06480d0
SHA1

474fae5437ff9640b774767187c66eb2878d07b8
SHA256

43f528d5f36334e39f15e4b1125e84d63698500914bfc128255a35d467447323
SHA512

819536928dabf4c6a8eac0ba753b9f81b8ce093503257fbae77ca41acb7b7a48d8502f57fbd4588c15fd44f1edc35ece98e692b15d9d076378bfe230e0ae21cb
SSDEEP

12288:iqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaoT+:iqDEvCTbMWu7rQYlBQcBiT6rprG8aw+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
6072	identity_helper.exe
6072	identity_helper.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe
3512	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4412	file.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4412	file.exe
4412	file.exe
2976	msedge.exe
2976	msedge.exe
4412	file.exe
4412	file.exe
2976	msedge.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe
4412	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 2976	4412	file.exe	83
PID 4412 wrote to memory of 2976	4412	file.exe	83
PID 2976 wrote to memory of 4176	2976	msedge.exe	85
PID 2976 wrote to memory of 4176	2976	msedge.exe	85
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 3384	2976	msedge.exe	86
PID 2976 wrote to memory of 1964	2976	msedge.exe	87
PID 2976 wrote to memory of 1964	2976	msedge.exe	87
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88
PID 2976 wrote to memory of 824	2976	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9de8d46f8,0x7ff9de8d4708,0x7ff9de8d4718
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    3⤵
    PID:1524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:4016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
    3⤵
    PID:1984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
    3⤵
    PID:852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
    3⤵
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
    3⤵
    PID:1956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
    3⤵
    PID:1644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:3776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
    3⤵
    PID:5332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    3⤵
    PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7984 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8340689470090733866,17255568483964941247,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
    3⤵
    PID:5892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
5d8b11afd5e6d33f8dcdab8b822449d7

SHA1
fc6d9114e4968a3f1d2a0d3bf67ef3e1f040522c

SHA256
11b6ca8d295f2c0786183e2baf1358649f7d6144e0059379cd59d09a0ece667a

SHA512
6a3d4935a433ade3ceef5d7d1c25fb0dbe5715e472dd9eb578b4832f9e2b2c15c04800b2085a1d3e41c2d548882f2b282585ab708e947366f1ba93e3c63d4790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
e2a9373d3d5a9cdcbca9176f1859c312

SHA1
b3d6b1e8916e2fa19d8d04007816bf73e5c0dcaa

SHA256
052af5b7161bd73a2cee35eeec687d714613309b32c0a72b161d91e8e15d4002

SHA512
795b7258d857f9f7289125bb1d32ecda4c760024893e9eff14ce1ae8e68a989b39673a326a3b428aaf017505da8c44a490cf7a99aeec082c5cc37b1ac8a788e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
20ebe576436b5a816ba17e14173c8f2c

SHA1
a25559da29e22a8e94d470922b10b5d88079712c

SHA256
1918437f075cb19d7e2e8fa3d1184eeceb9123d9ae8c02f0dfeec2af60d2b395

SHA512
71faf4fa30553cd80301b8ee56ebd539138750ec8a835e009e88a64be2c2870ac29d9056565d15dfc602a4801fca6f75e596fbb2dfed58b1c66f193c1cb83e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\6709ce75-c48f-4d30-85a3-cae49684002a.tmp

Filesize
24KB

MD5
01b5b1547cf3f1ff41aef65631d18c76

SHA1
8ff77555ddad01d3b8031450d5a45ec944b908a6

SHA256
d43a9e9a5c79d174450418700187b5248679356a7f8904fea573fefcd942c03a

SHA512
5641b91c0d213a7bd2f81aaed1ccc8f5fd41312b9519d68a09db80909b4b19c865f8f3a00842ae43b4c453a2b1045dcbe50671954ad5a7767cff6edb4abc3d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
2d7c396f2bda51e35dee32aaab9678cb

SHA1
e4aa7ee31b3b2e6b50850d82fbd2e948b12b9663

SHA256
20ba34e9b3459c15b20f0c13523054530fa204657b8edd6f939ffee80967f2a2

SHA512
b3f0c3b9e9baa1ba376b0c159609314076ed4be78965ee5e2bf2d3d5c52f35b0c4d90f6d4b59b6ceb20f5d1cb23e72295d669a4d192cfacccab41e452d7363a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
8487c1b78d1d085fb83655d76a1340a5

SHA1
9e84b5b3096c2b6fb585107aa44b7608f62712b6

SHA256
128148b950d228fb3b480ed175b5a2e41efc77c83523546ec49c22033bdf8b5d

SHA512
04e19807505b1546065abe58911b7f24b9f1c9b4368c925cb6354d8be59b3a89b00e24f8cd3acf695bf40775650f097efc3d5be66bb10f2299f830971541b174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
45695eaa8f9268a18c87579974eeb968

SHA1
a2a78fbf3c7b31020d46cee3fb265ce39915b3e3

SHA256
67d41cdc473bd4dba23222e5a15fde32572b7336d84383c0531e46410c7f8e0f

SHA512
fb941ae0868e983e8784d5eb6ab7c0a6ac16156e28e0cd9019c84e32c536d2764172944d9ab48eb2d23771ad8cf903ee114e60710fdb488205cebe4377fcfd09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
a9011ec361565dbf0820e4237b692620

SHA1
91452255538e8f4d63c2f521a575c904f579eeb4

SHA256
36fe1eea5e5cd27fb4c7a9645ffe8a6c902016fc3e905d7b6816d7f80d4be396

SHA512
c039ace59d16f5fb95b28694b4653e8794b80626579068b7b298838aa185cce701e6733154424d847a638ee6b1a59631a99c91e7fcf3eeb0d9778f44a75ab011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences~RFe57c043.TMP

Filesize
4KB

MD5
fa255cc42f336a9484d0ddcb577c2f92

SHA1
a0b5bd1f2783f841e7ca3dc3a450ea7ee896cfc7

SHA256
0959bd59f373c9ff00d753a71a71c620c2c8e5539d8fa2a3044048781d965897

SHA512
9d8b58661e7e6f0b38cff862563cf0993b403a58cb14f2da068d554153939a915bf15bfa7d1a6eeb38c0ef8272b96d502d731c812ee4573b504e57f935c130fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
4KB

MD5
0234cd4b86e0823e4952b01eb59c8b5e

SHA1
4892d99f1ae87b13fd9a390d715503257f6c2f7d

SHA256
722a056b23cc1f5ccc986d8fc5e938eded33166cf3dcd4e9aaf897739bec65b0

SHA512
8cfa9c82d2e038d28782eb0d2f6201ed86de5bba038133082fe6a212d81dabd5650f8a96554d9138bf75167793578015f0a5c8a4b19267fb1e2023e0b957c6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
3KB

MD5
3184a2a1eddde2c3313e1040fb1cdcaf

SHA1
3365015c5f48d36dfadac77ebd33a4456424de6d

SHA256
c0157d44532a2d347519a9132be84c21266fb590818a802b1a591880f55ad80c

SHA512
6b8248c57006c27cb582fef4b4739a99ad0aeee706621018cb0011ddf463dbf592194ffa29e53e2daa191fb60281703018f9b594258347cbaa02c732eb1b4487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
4KB

MD5
bd74d1204d3aec8efa2d3c685069d392

SHA1
e5e5330dd563b1d8d9030412aacde4b73d1cb416

SHA256
5ef44e22c0ec1ae7e8fe8e6f8e0cb9a25558ec63b14c82712fcb175843f6d087

SHA512
8e38e2f2dd5a79870a65aaab4996a5aacb49f21d237749f39834bfd3aeebaaf2b613df80a46ac6d0a738b6fbc5b57661823823731f56504da82225f0208a6c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
4KB

MD5
cbd46c493a4253ed4d0dbc388b456968

SHA1
1aaf80dc64d88ff2516e53a0dcdadd002805767e

SHA256
468153679b27d3f4da1a485458a1269dfe2886d62fa587eb84f93a538d51d9fe

SHA512
2317f3bcdc8631dbe3cba6712d8c6677ee88a1a0f578982649dce1d0dfe63b5da01ceaec3fd082b369ecd349d94cd749a88d375228c02d4e8f9396ae4a2ed271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State

Filesize
3KB

MD5
85010a80e0d73bb3cd0a26a4f86335e3

SHA1
4b635fd96e757fe107a1a7ec712555f7152a3a3a

SHA256
b91893a0778b7de1fbe7131db19d921ea6f243d28b97a89b61dbefb35c0883f4

SHA512
5b28e6163ed19f46950752c150d8858490bc01685bbcbaf4b507865af65b35fa388a0aee9c93f4ad5d98c16327a238e6c495aedf692d47dac90ece91a4279915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Local State~RFe58125a.TMP

Filesize
3KB

MD5
980ab062891a47e73a874cdd0999252a

SHA1
21e0d320188f7df60215e50d74a9615ec2c4e6fe

SHA256
cb3a275e8f361e26297a95215b732a764b027d5349a40db71a5e3c84714f6f4c

SHA512
89f6e40e1c1971c0eda5505552351ab31461690850fa9107a525a51df1abae7b1a26aa9dd6d94a8918dd204ab296e14fcc649effd0f69a97c9ff94913d7c40b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6KUJYLPQS4M4BBK6970U.temp

Filesize
3KB

MD5
2818b50d506f8a8866d0abac56ec8354

SHA1
21c9e19ebc8320bdf16afd293ac7a8046f4e3d46

SHA256
47fd63285d69a7b9c1a4a732730492fd51be3a0d0b58e87285a0d2488adf3db0

SHA512
e98fd67243bc235fd5504ff40ab112792e3992155ea02041986027194f1d09e76befc97a8c59953f4943db19d7a457140d39c5afdb4dd243a7f81309c95bd9c9

Download Submit