649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/09/2024, 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
Size

896KB
MD5

a7e6e2ec22ad686ed5538d53f8bb3876
SHA1

24b3ec7b27ab6b44b8389fdc8a8fdd195ecaf642
SHA256

649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd
SHA512

649ae7310de868267a1d48c722a15412c0ff5af59b50287b4eca25874a909b7374d66f8f33edc151daac0308e79f5cb0b3da77c903ef5e72a8bdd0b7dc16bc50
SSDEEP

12288:GqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaoTW:GqDEvCTbMWu7rQYlBQcBiT6rprG8awW

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1900	msedge.exe
1900	msedge.exe
1228	msedge.exe
1228	msedge.exe
6056	identity_helper.exe
6056	identity_helper.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
1228	msedge.exe
1228	msedge.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
1228	msedge.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 1228	2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe	83
PID 2704 wrote to memory of 1228	2704	649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe	83
PID 1228 wrote to memory of 2304	1228	msedge.exe	84
PID 1228 wrote to memory of 2304	1228	msedge.exe	84
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 2600	1228	msedge.exe	85
PID 1228 wrote to memory of 1900	1228	msedge.exe	86
PID 1228 wrote to memory of 1900	1228	msedge.exe	86
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87
PID 1228 wrote to memory of 4476	1228	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe
"C:\Users\Admin\AppData\Local\Temp\649a742019fad9ab5cfd82e42a55f01a636e4e038c92207e133a24dc2c7161dd.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --kiosk --edge-kiosk-type=fullscreen --no-first-run --disable-features=TranslateUI --disable-popup-blocking --disable-extensions --no-default-browser-check --app=https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffee3946f8,0x7fffee394708,0x7fffee394718
    3⤵
    PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
    3⤵
    PID:3556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
    3⤵
    PID:772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
    3⤵
    PID:264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:3684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:3856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
    3⤵
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8
    3⤵
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,15926089003887986536,16033707992378409241,131072 --disable-features=TranslateUI --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
943626eb05f6bf41d66b38f2f19e3741

SHA1
eb4553b6a83d0ba93aaa620da5d7c2cae475ec89

SHA256
b9952c4295d9c479a081b896ab8524cefcab4c8ef2fd1536cd1374f50357881c

SHA512
474a75e74e131e00438b2668fcfc61fb6fcbafc10ac4020143ae72cf8750c2896a83512bd6dba9074c608ae2a06360a2cf0295d54c5c7186f274c58078c8e74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
788be24b7c994d7626b47eab5409c415

SHA1
265dd82060872e588d52296aa5ae984805ccdda2

SHA256
319310e80415a105ba40c45aca45e3ccbfbe0033e12a8d51992f02defa95f793

SHA512
d2882e8f80ab2439a3fe9c1305dcbbb8ed71827dd5300c1cc48b121606c089320cb63b55539208630c7798522885f3dc45a7e7365a241dc59835f8f4bf64ac90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\settings.dat

Filesize
152B

MD5
d1c986d52d202e64374a6815958f38a1

SHA1
8efcc48023c52dcd1221d99cce72a3c7aa230bc8

SHA256
1f322ea55935b5d8db04480fd408fb9d1b8902305143e960e9d84a5f151eb845

SHA512
ef8a5a1125d62ba86907e9fa6eccb54e463e74ec9a648cb550b250802f5c0eb695ab1a3d5f4dcef6907eb1e4f71f131fbd8561e3438b8fe810c6ffc4b06505d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\0ce8fc12-9187-4a5d-9aa8-aa541403587a.tmp

Filesize
24KB

MD5
708828acb8b199aa5a2b0f1fe4920a25

SHA1
d3c1c43937981de9c35e0b19fa05145561033414

SHA256
7b53a174f0aeda9d81d31fac992e1032038f1fe03a0932cb08adaeb65f195cf7

SHA512
07f85fff653f9d143b7ecbe4b83c4f3bd744e56d759b834cad2185d7ffeeed7aa4830d2babbba9ca30debdc34919fb74bbb66e57d9ccde3f60748c335812fc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Microsoft Edge.lnk

Filesize
1KB

MD5
f488e2b495dd04863ac0e3096d635e6b

SHA1
a6a69d85e0d7f6aeb9d75f292b5abe678b82740d

SHA256
a01eab3f6b4f9a53cd271a1b21e2c351d50f5772c8a1f35470a1b33cf7227b22

SHA512
7d2950c11a19ed667cd1812d0d80729b82a3f4e2fd66ea0fa18f318f18c4203df5339bf560fc7d22c78861610b735d21ca2c810c2a96498246a14ac4e70ff178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
4b9a5a3173c47fee04f79820b292f391

SHA1
bf1066beb05253e4de4b6c78845c62b533e82d17

SHA256
e02f301655705d9d45413e271e22528a7d0e6c14beb0ca0ac27df727948aca0c

SHA512
64d896cdb54b58e52451643082259485536726e51578ca1b5031725020aae2561f3ff7fdc8ff1d86447cbbd71b5ef42f9422c8ec4f9e5c6da354a65c9761bd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Preferences

Filesize
4KB

MD5
83f0ba5c52237c19e61b3c5fa85ecd12

SHA1
2cb81bf54827e6992e0f680ddd28b8cc3a6ec540

SHA256
09ce1bd44de43b0c895986a1b40b7ce9ad2cbd1049fab785ac0935af0369fe5c

SHA512
c2861b0c4ebb93e676e0594df927319ff0905775c92598cd4f577c7da9db957caab3444558c4ccbfe9d12f7c8d9e616e3aef28167230a4cfd522e7da04debef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Secure Preferences~RFe57f7ed.TMP

Filesize
24KB

MD5
ecb59357190d24fde0a089c34c9f3e60

SHA1
eb4295e0519ae2aa4e26014bebe66915b02789ec

SHA256
1449b88e11fb3539a7f57acc92bb745c1d731c03fecc6a792f19fb2ed74488fb

SHA512
0f7380ff24059c736dd7003abed3fed7678f3cf347907559a083c132947b5148b8165b865eb5848452aedf0f2c9da96be8dbfef93d6eb80015b0483dc30e026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\ca183864-06df-4d0c-8adf-93d348f5967b.tmp

Filesize
4KB

MD5
55ded58c193f0539c899ec5cb703dcd7

SHA1
6a9a79f91fbcc03e7af557519efd88b5dcb59da8

SHA256
3a5e208069da9c8608ab302edf9504acf7a57e50b39c5b22fce0345113b4b22b

SHA512
091d5abd205762c60fa5ffb0a6b0763b5a80b3ec642f6cbf4de6af6509973300eadba93481e0bdc53e7996c5803d863c39f5e827ea87154c2f29a1b1725f30d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data Kiosk\d50db7eb-5527-4634-bbf5-30bdf5f58418.tmp

Filesize
9KB

MD5
cbd7ddf28e4e41daa2ad7489f82612b1

SHA1
216cd135c73c5b94da7772e91f2f8e664adfeae4

SHA256
61701a917401f2cfd33b6241b3783451bbc44d6f130a171e9d34f8efc9788a21

SHA512
c79d101cf4718bc7ac24c386f4a907b2e7ee8919bc595da028e1eef9fb0faccdcadbfa741408d7c66bf06f7c030aed74442742054885e6acc3fec3f2153e2842

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I9CN4IKIKF0OFKJCZTI4.temp

Filesize
3KB

MD5
e1533cf3c7763b2334eb7b6e9e600282

SHA1
a60aa5cf0277741d4a0e886558bd9ed9547b0512

SHA256
1d96cec7de2e6baf04c480a25c7332928e2c80ab8596dbac4b39257384e62c3b

SHA512
c41e72ed20491e89fe84397e3a02cd4eb16a65240e784d23ad3f2eb05b85f8567f5071158a4eb5e1339baaf403076c78f096f290ae5b786ffd1e76af39546ff8

Download Submit